Cyber Resilience

CVE-2020-37047

High · Public PoC

Published: 01 February 2026

Modified: 15 April 2026
CVSS v4 score: 8.5 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0015 (4.5th percentile)
Risk priority: 55 (floored blend · peak EPSS)

Summary

CVE-2020-37047 is a high-severity Unquoted Search Path or Element (CWE-428) vulnerability in Deepinstinct (inferred from references). Its CVSS base score is 8.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Path Interception by Unquoted Path (T1574.009). The CVE ranks at the 4.5th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

CVE-2020-37047 is an unquoted service path vulnerability affecting Deep Instinct Windows Agent version 1.2.29.0, specifically the DeepMgmtService component. The service path is configured as C:\Program Files\HP Sure Sense\DeepMgmtService.exe without surrounding quotes. This classic CWE-428 flaw enables local users to potentially execute arbitrary code with elevated privileges, because Windows resolves an unquoted path containing spaces ambiguously at service startup and tries each space-delimited prefix as an executable before the intended binary.

Local low-privileged users (PR:L) can exploit this vulnerability with low attack complexity (AC:L) and no user interaction (UI:N), achieving high confidentiality, integrity, and availability impacts (C:H/I:H/A:H) under a CVSS v3.1 score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U). An attacker with local access places a malicious executable at one of the intermediate locations along the unquoted path (e.g., exploiting the space after "Program"), causing the service to launch it instead of the legitimate binary upon startup, thereby executing with LocalSystem permissions.
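The following audit check is an added example, not code from the advisory or the vendor. It flags service ImagePath values that are unquoted and contain spaces, lists the earlier locations Windows would try (so their ACLs can be reviewed), and produces the quoted replacement value. Apart from the DeepMgmtService path, the service entries and all function names are constructed for illustration.

```python
import re

# Constructed sample of service name -> ImagePath, in the form stored under
# HKLM\SYSTEM\CurrentControlSet\Services\<name>. Only the first path is from the page.
SAMPLE_SERVICES = {
    "DeepMgmtService": r"C:\Program Files\HP Sure Sense\DeepMgmtService.exe",
    "QuotedSvc": r'"C:\Program Files\Example App\svc.exe" --run',
    "HostedSvc": r"C:\Windows\System32\svchost.exe -k netsvcs -p",
}

# Shortest prefix ending in ".exe" that is followed by whitespace or end of string.
EXE_RE = re.compile(r"^(.*?\.exe)(?=\s|$)", re.IGNORECASE)


def executable_part(image_path):
    """Executable portion of an unquoted ImagePath; None when the path is quoted."""
    value = image_path.strip()
    if value.startswith('"'):
        return None
    match = EXE_RE.match(value)
    return match.group(1) if match else value


def early_candidates(image_path):
    """Locations tried before the intended binary (empty list if not affected)."""
    exe = executable_part(image_path)
    if exe is None:
        return []
    # Each space splits the path; the prefix is tried with ".exe" appended.
    return [exe[:i] + ".exe" for i, ch in enumerate(exe) if ch == " "]


def audit(services):
    """Map each affected service to its early candidates and its quoted fix."""
    findings = {}
    for name, image_path in services.items():
        candidates = early_candidates(image_path)
        if candidates:
            exe = executable_part(image_path)
            quoted = '"' + exe + '"' + image_path.strip()[len(exe):]
            findings[name] = {"candidates": candidates, "quoted": quoted}
    return findings


if __name__ == "__main__":
    for name, info in audit(SAMPLE_SERVICES).items():
        print(name, "-> review ACLs on:", info["candidates"])
        print("  quoted ImagePath:", info["quoted"])
```

A finding is only exploitable where a low-privileged user can write to one of the listed locations, so the candidate list is the set of paths whose permissions need checking until the ImagePath is quoted.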

Advisories and references highlight the issue without specifying patches in the provided details. The VulnCheck advisory details the Deep Instinct Windows Agent DeepMgmtService unquoted path, while Exploit-DB hosts a proof-of-concept exploit at exploits/48174, demonstrating practical exploitation. The vendor site at deepinstinct.com provides general context on the product.

This vulnerability carries notable context as a publicly disclosed exploit in an AI-driven endpoint security agent from Deep Instinct, with a PoC available since publication on 2026-02-01, underscoring risks in security software itself.

Vulnerability details

Deep Instinct Windows Agent 1.2.29.0 contains an unquoted service path vulnerability in the DeepMgmtService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\HP Sure Sense\DeepMgmtService.exe to inject malicious code that would execute with LocalSystem permissions during service startup.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques

T1574.009 Path Interception by Unquoted Path · Stealth
Adversaries may execute their own malicious payloads by hijacking vulnerable file path references.
Why these techniques?

Unquoted service path (CWE-428) in DeepMgmtService directly enables path interception by placing a malicious binary in an intermediate directory, hijacking service execution flow at startup with LocalSystem privileges.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2020-36928 (shared CWE-428)
CVE-2023-54336 (shared CWE-428)
CVE-2020-37048 (shared CWE-428)
CVE-2019-25306 (shared CWE-428)
CVE-2020-36979 (shared CWE-428)
CVE-2020-36929 (shared CWE-428)
CVE-2020-37017 (shared CWE-428)
CVE-2021-47859 (shared CWE-428)
CVE-2019-25309 (shared CWE-428)
CVE-2021-47790 (shared CWE-428)

Affected Assets

Deepinstinct
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

Prevent: CM-6 mandates secure configuration settings for systems, including properly quoting Windows service executable paths to directly prevent exploitation of unquoted service path vulnerabilities like CVE-2020-37047.

Prevent: SI-2 requires timely identification, reporting, and correction of system flaws, such as the unquoted path in DeepMgmtService, to eliminate the vulnerability before local privilege escalation can occur.

Detect: RA-5 implements regular vulnerability scanning that specifically identifies unquoted service path issues like CVE-2020-37047, enabling early detection and mitigation.

References