CVE-2020-37047
Published: 01 February 2026
Summary
CVE-2020-37047 is a high-severity Unquoted Search Path or Element (CWE-428) vulnerability in Deepinstinct (inferred from references). Its CVSS base score is 8.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Path Interception by Unquoted Path (T1574.009); ranked at the 4.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and RA-5 (Vulnerability Monitoring and Scanning).
Deeper analysis
CVE-2020-37047 is an unquoted service path vulnerability affecting Deep Instinct Windows Agent version 1.2.29.0, specifically in the DeepMgmtService component. The issue stems from the service path being configured as C:\Program Files\HP Sure Sense\DeepMgmtService.exe without quotes. This classic CWE-428 flaw enables local users to potentially execute arbitrary code with elevated privileges: because the path is unquoted, Windows cannot tell where the executable name ends and tries each space-delimited prefix of the path as a candidate executable before reaching the full path when the service starts.
Local low-privileged users (PR:L) can exploit this vulnerability with low attack complexity (AC:L) and no user interaction required (UI:N), achieving high confidentiality, integrity, and availability impacts (C:H/I:H/A:H) under CVSS v3.1 scoring of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U). An attacker with local access places a malicious executable in one of the intermediate unquoted directories along the path (e.g., exploiting the space after "Program"), causing the service to launch it instead of the legitimate binary upon startup, thereby executing with LocalSystem permissions.
Advisories and references highlight the issue without specifying patches in the provided details. The VulnCheck advisory details the Deep Instinct Windows Agent DeepMgmtService unquoted path, while Exploit-DB hosts a proof-of-concept exploit at exploits/48174, demonstrating practical exploitation. The vendor site at deepinstinct.com provides general context on the product.
This vulnerability carries notable context as a publicly disclosed exploit in an AI-driven endpoint security agent from Deep Instinct, with a PoC available since publication on 2026-02-01, underscoring risks in security software itself.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-30971
Vulnerability details
Deep Instinct Windows Agent 1.2.29.0 contains an unquoted service path vulnerability in the DeepMgmtService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\HP Sure Sense\DeepMgmtService.exe to inject malicious code that would execute with LocalSystem permissions during service startup.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Unquoted service path (CWE-428) in DeepMgmtService directly enables path interception by placing a malicious binary in an intermediate directory, hijacking service execution flow at startup with LocalSystem privileges.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
CM-6 mandates secure configuration settings for systems, including properly quoting Windows service executable paths to directly prevent exploitation of unquoted service path vulnerabilities like CVE-2020-37047.
SI-2 requires timely identification, reporting, and correction of system flaws, such as the unquoted path in DeepMgmtService, to eliminate the vulnerability before local privilege escalation can occur.
RA-5 implements regular vulnerability scanning that specifically identifies unquoted service path issues like CVE-2020-37047, enabling early detection and mitigation.
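The audit below is added here as an example and is not code from the advisory, VulnCheck, or Deep Instinct. It enumerates every Windows service whose ImagePath shows the CWE-428 pattern described above (unquoted, with a space inside the executable path) and, with the script's own -Fix switch, rewrites the registry value with the executable quoted, which is the configuration change CM-6 calls for; it assumes an elevated session and that the service is restarted afterwards.

```powershell
# Added example (not the vendor's or advisory's code): audit and remediate unquoted
# service paths, the CWE-428 pattern behind CVE-2020-37047 (DeepMgmtService).
# Assumes an elevated PowerShell session; -Fix writes HKLM and the service must be
# restarted for the new ImagePath to take effect.
[CmdletBinding(SupportsShouldProcess)]
param(
    [switch]$Fix
)

function Get-UnquotedServicePath {
    foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
        $path = $svc.PathName
        if ([string]::IsNullOrWhiteSpace($path)) { continue }
        # A leading quote or a path with no whitespace resolves unambiguously.
        if ($path.StartsWith('"')) { continue }
        if ($path -notmatch '\s') { continue }
        # Arguments after the executable are fine; the defect is a space inside the
        # unquoted executable path itself, so split at the first ".exe".
        $m = [regex]::Match($path, '^(.*?\.exe)(.*)$', 'IgnoreCase')
        if (-not $m.Success) { continue }
        $exe     = $m.Groups[1].Value
        $argPart = $m.Groups[2].Value
        if ($exe -notmatch '\s') { continue }
        [pscustomobject]@{
            Name      = $svc.Name
            StartName = $svc.StartName   # LocalSystem services carry the highest impact
            Current   = $path
            Fixed     = ('"{0}"{1}' -f $exe, $argPart)
        }
    }
}

$findings = @(Get-UnquotedServicePath)
$findings | Format-Table -AutoSize

if ($Fix) {
    foreach ($f in $findings) {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($f.Name)"
        if ($PSCmdlet.ShouldProcess($key, "Set ImagePath to $($f.Fixed)")) {
            Set-ItemProperty -Path $key -Name ImagePath -Value $f.Fixed
        }
    }
}
```

Run without -Fix first to review the findings (a vulnerable DeepMgmtService entry would show Current as C:\Program Files\HP Sure Sense\DeepMgmtService.exe and Fixed as the same path in quotes); -WhatIf previews the registry writes.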