Critical Vulnerability Information

Vulnerability Type
CVE: Unquoted Service Path - Local Privilege Escalation (CWE-428)

Vulnerability Description
Service Name: HasleoImageMountService (Hasleo Backup Suite Image Mount Service)
Issue: The service's registered ImagePath is not properly quoted:
Cause: The path contains spaces and is unquoted, so the Windows service loader may split the path at a space and search for an executable at the shorter location.

Impact
Severity: High
CVSS v3.1: 7.8
Potential Risk: A non-privileged local user can exploit this vulnerability to escalate privileges to LocalSystem, leading to full system compromise, credential theft, tampering with system binaries, and lateral movement.

Affected Products/Versions
Product/Service: Hasleo Backup Suite — service HasleoImageMountService
Detected ImagePath:

Vulnerability Details
When Windows interprets an unquoted service ImagePath value, it splits the path at spaces and searches for executable files. If an early path token corresponds to a location writable by a non-privileged user, an attacker can place a malicious executable there. When the service starts or restarts, it will execute the malicious file under the service account (in this case, LocalSystem), resulting in privilege escalation.

Proof of Concept
1. Enumerate service configuration:
2. Observe that BINARY_PATH_NAME is unquoted:

References
https://cwe.mitre.org/data/definitions/428.html
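The following audit helper is an added example, not part of this advisory or of Hasleo's software: it takes ImagePath / BINARY_PATH_NAME strings (constructed sample values, not the real Hasleo path, which the advisory does not reproduce) and lists, in loader order, the shorter executables Windows would try before the intended one, together with the parent directories an administrator must confirm are not writable by unprivileged users.

```python
"""Audit helper for CWE-428: which executables would the Windows service
loader try for an unquoted ImagePath, and which directories must be locked down."""
import re
from typing import Dict, List

EXE_RE = re.compile(r"\.exe", re.IGNORECASE)


def intended_executable(image_path: str) -> str:
    """Part of an unquoted ImagePath up to the first '.exe'; anything after it
    is treated as service arguments, as the loader does."""
    m = EXE_RE.search(image_path)
    return image_path[: m.end()] if m else image_path


def loader_candidates(image_path: str) -> List[str]:
    """Executables Windows would try, in order, before the intended one.
    A quoted path, or one without spaces, yields no extra candidates."""
    path = image_path.strip()
    if path.startswith('"'):
        return []
    exe = intended_executable(path)
    # Each space is a split point; a token with no extension gets '.exe' appended.
    return [exe[:i] + ".exe" for i, ch in enumerate(exe) if ch == " "]


def directories_to_check(image_path: str) -> List[str]:
    """Parent directories of every candidate; none may be user-writable."""
    seen: List[str] = []
    for cand in loader_candidates(image_path):
        d = cand.rsplit("\\", 1)[0] + "\\"
        if d not in seen:
            seen.append(d)
    return seen


def audit(services: Dict[str, str]) -> Dict[str, List[str]]:
    """Service name -> hijack candidates, for every unquoted path that has spaces."""
    return {name: c for name, path in services.items() if (c := loader_candidates(path))}


# Constructed sample in the shape of `sc qc` BINARY_PATH_NAME output (not real services).
SAMPLE_SERVICES = {
    "ExampleQuoted": '"C:\\Program Files\\Example Vendor\\svc.exe" -run',
    "ExampleUnquoted": "C:\\Program Files\\Example Vendor\\Mount Service\\mount.exe -svc",
    "ExampleNoSpaces": "C:\\Windows\\System32\\svchost.exe -k netsvcs",
}

if __name__ == "__main__":
    for name, cands in audit(SAMPLE_SERVICES).items():
        print(name, "would try:", cands)
        print("  check ACLs on:", directories_to_check(SAMPLE_SERVICES[name]))
```

Feed it the BINARY_PATH_NAME values from `sc qc` output to get the directory list for an ACL review; the fix for the finding itself is to wrap the ImagePath in double quotes.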