CVE-2020-37048
Published: 01 February 2026
Summary
CVE-2020-37048 is a high-severity Unquoted Search Path or Element (CWE-428) vulnerability in Iskysoft Application Framework (inferred from references). Its CVSS base score is 8.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Path Interception by Unquoted Path (T1574.009); ranked at the 4.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2020-37048 is an unquoted service path vulnerability affecting Iskysoft Application Framework Service version 2.4.3.241. The issue arises in the service configuration, where the unquoted path allows local users to potentially execute arbitrary code with elevated privileges. Attackers can exploit this by injecting malicious executables into the path, which the service then runs under its high-level system permissions. The vulnerability is associated with CWE-428 and carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Local users with low privileges can exploit the vulnerability, requiring low attack complexity and no user interaction. Successful exploitation allows attackers to achieve high impacts on confidentiality, integrity, and availability, enabling privilege escalation to the service's system-level permissions through arbitrary code execution.
Advisories and references, including the Vulncheck advisory at https://www.vulncheck.com/advisories/iskysoft-application-framework-service-isappservice-unquoted-service-path, provide further details on the issue. A proof-of-concept exploit is available at https://www.exploit-db.com/exploits/48171, and the vendor site is at https://www.iskysoft.us.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-30970
Vulnerability details
Iskysoft Application Framework Service 2.4.3.241 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that would be…
more
run with the service's high-level system permissions.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Unquoted service path in privileged Windows service directly enables T1574.009 Path Interception by Unquoted Path for local privilege escalation via malicious executable placement.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Establishes and enforces secure configuration settings for services, including properly quoting executable paths to directly prevent unquoted service path exploitation.
Enforces least privilege for service accounts and processes, limiting the impact of arbitrary code execution and privilege escalation even if the unquoted path is exploited.
Requires identification, reporting, and correction of flaws such as unquoted service paths, ensuring timely remediation of this specific vulnerability.