{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-24T16:15:58.286","vulnerabilities":[{"cve":{"id":"CVE-2017-20218","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-03-16T14:17:51.317","lastModified":"2026-04-15T14:56:45.970","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Serviio PRO 1.8 contains an unquoted search path vulnerability in the Windows service that allows local users to execute arbitrary code with elevated privileges by placing malicious executables in the system root path. Additionally, improper directory permissions with full access for the Users group allow authenticated users to replace the executable file with arbitrary binaries, enabling privilege escalation during service startup or system reboot."},{"lang":"es","value":"Serviio PRO 1.8 contiene una vulnerabilidad de ruta de búsqueda sin comillas en el servicio de Windows que permite a usuarios locales ejecutar código arbitrario con privilegios elevados al colocar ejecutables maliciosos en la ruta raíz del sistema. Además, permisos de directorio incorrectos con acceso total para el grupo Usuarios permiten a usuarios autenticados reemplazar el archivo ejecutable con binarios arbitrarios, lo que permite la escalada de privilegios durante el inicio del servicio o el reinicio del sistema."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-428"}]}],"references":[{"url":"https://blogs.securiteam.com/index.php/archives/3094","source":"disclosure@vulncheck.com"},{"url":"https://cxsecurity.com/issue/WLB-2017050019","source":"disclosure@vulncheck.com"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/125644","source":"disclosure@vulncheck.com"},{"url":"https://packetstormsecurity.com/files/142384","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/41959/","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/serviio-pro-local-privilege-escalation-via-unquoted-path","source":"disclosure@vulncheck.com"},{"url":"https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5405.php","source":"disclosure@vulncheck.com"}]}}]}