Unquoted service path vulnerability on Veyon
Description
On Windows the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables with LocalSystem privileges. Since Veyon users (both students and teachers) usually don't have administrative privileges, this vulnerability is only dangerous in anyway unsafe setups. The problem has been fixed in version 4.4.2. As a workaround, the exploitation of the vulnerability can be prevented by revoking administrative privileges from all potentially untrustworthy users.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
6- packetstormsecurity.com/files/162873/Veyon-4.4.1-Unquoted-Service-Path.htmlmitrex_refsource_MISC
- github.com/veyon/veyon/commit/f231ec511b9a09f43f49b2c7bb7c60b8046276b1mitrex_refsource_MISC
- github.com/veyon/veyon/issues/657mitrex_refsource_MISC
- github.com/veyon/veyon/security/advisories/GHSA-c8cc-x786-hqqpmitrex_refsource_CONFIRM
- www.exploit-db.com/exploits/48246mitrex_refsource_MISC
- www.exploit-db.com/exploits/49925mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.