High severityNVD Advisory· Published Dec 5, 2025· Updated Apr 15, 2026

CVE-2020-36879

Description

Flexsense DiskBoss 11.7.28 allows unauthenticated attackers to elevate their privileges using any of its services, enabling remote code execution during startup or reboot with escalated privileges. Attackers can exploit the unquoted service path vulnerability by specifying a malicious service name in the 'sc qc' command, allowing them to execute arbitrary system commands.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.diskboss.comnvd
www.diskboss.com/downloads.htmlnvd
www.exploit-db.com/exploits/49022nvd
www.vulncheck.com/advisories/flexsense-diskboss-service-unquoted-service-path-vulnerabilitynvd

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000