CVE-2020-36989
Published: 28 January 2026
Summary
CVE-2020-36989 is a high-severity Unquoted Search Path or Element (CWE-428) vulnerability in ForensiT (inferred from references). Its CVSS base score is 8.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Path Interception by Unquoted Path (T1574.009). The CVE ranks at the 5.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog. A public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and RA-5 (Vulnerability Monitoring and Scanning).
Deeper analysis
CVE-2020-36989 is an unquoted service path vulnerability (CWE-428) in ForensiT AppX Management Service version 2.2.0.4. The issue resides in the service configuration, where the unquoted path enables local users to potentially execute arbitrary code with elevated system privileges. Specifically, attackers can inject malicious code that executes under LocalSystem account permissions during service startup. The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2026-01-28.
Local low-privileged users (PR:L) can exploit this vulnerability with low attack complexity and no user interaction. By placing a malicious executable in a directory along the unquoted service path, attackers cause it to run automatically upon service startup, achieving high impact on confidentiality, integrity, and availability through LocalSystem privileges.
Advisories and references include a proof-of-concept exploit at https://www.exploit-db.com/exploits/48821, the vendor's downloads page at https://www.forensit.com/downloads.html, and a VulnCheck advisory at https://www.vulncheck.com/advisories/forensitappxservice-forensitappxserviceexe-unquoted-service-path detailing the unquoted path in ForensiTAppXService.exe. Security practitioners should review these sources for guidance on mitigations such as service path corrections or software updates.
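A check for the service path correction mentioned above, as an added example that is not part of the original advisory or the vendor's code: it takes service ImagePath strings (as stored under HKLM\SYSTEM\CurrentControlSet\Services\<name>\ImagePath), flags unquoted executable paths that contain whitespace, and returns the quoted replacement. The sample paths, the ENV mapping and all function names are constructed for illustration; the real ForensiTAppXService.exe path is not given on this page and is not assumed here.

```python
import re

# Constructed ImagePath values for illustration; none is the affected product's real path.
SAMPLES = {
    "QuotedSvc": r'"C:\Program Files\Example Vendor\svc.exe" -run',
    "UnquotedSvc": r'C:\Program Files\Example Vendor\Example Service\svc.exe -run',
    "NoSpaceSvc": r'C:\Windows\System32\svchost.exe -k netsvcs',
    "EnvSvc": r'%ProgramFiles%\Vendor\agent.exe',
}
# Constructed environment used to expand %VAR% references offline.
ENV = {"programfiles": r"C:\Program Files"}

EXE_RE = re.compile(r'^(?P<exe>.+?\.exe)(?P<args>(?:\s.*)?)$', re.IGNORECASE)


def expand(value, env):
    """Expand %VAR% references; unknown variables are left untouched."""
    return re.sub(r'%([^%]+)%', lambda m: env.get(m.group(1).lower(), m.group(0)), value)


def split_image_path(image_path):
    """Return (executable, arguments, was_quoted) for an ImagePath string."""
    value = image_path.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        if end != -1:
            return value[1:end], value[end + 1:].strip(), True
        value = value[1:]  # unbalanced quote: treat the rest as unquoted
    m = EXE_RE.match(value)
    if m:
        return m.group("exe"), m.group("args").strip(), False
    return value, "", False


def audit(image_path, env=ENV):
    """Flag an unquoted executable path containing whitespace (CWE-428)."""
    exe, args, quoted = split_image_path(image_path)
    # Check the expanded form: %ProgramFiles% has no literal space but expands to one.
    vulnerable = not quoted and re.search(r'\s', expand(exe, env)) is not None
    suggested = f'"{exe}"' + (f" {args}" if args else "") if vulnerable else image_path
    return {"vulnerable": vulnerable, "executable": exe, "suggested": suggested}


if __name__ == "__main__":
    for name, path in SAMPLES.items():
        print(name, audit(path))
```

On a real host, feed it the ImagePath values exported from the registry and pass that host's environment variables as `env`.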
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-30897
Vulnerability details
ForensiT AppX Management Service 2.2.0.4 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem account permissions during service startup.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Direct unquoted service path (CWE-428) weakness enables path interception during service startup for privilege escalation.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
CM-6 mandates secure configuration settings for system components like services, directly preventing unquoted service path vulnerabilities by requiring properly quoted executable paths in service configurations.
RA-5 requires vulnerability monitoring and scanning that identifies unquoted service path issues in services like ForensiT AppX Management Service, enabling proactive remediation.
SI-2 ensures timely identification, reporting, and correction of flaws such as the unquoted service path in ForensiT AppX Management Service, mitigating privilege escalation risks.