Vulnerabilities ›

CVE-2020-37229

High

CWE-428 — Weakness Type

                    Published: May 16, 2026                      ·  Modified: May 23, 2026                      ·  Source: NVD                

CVSS v3

7.8

🔗 NVD Official

📄 Description (English)

OKI sPSV Port Manager 1.0.41 contains an unquoted service path vulnerability in the sPSVOpLclSrv service that allows local attackers to escalate privileges by inserting executable files into the unquoted path. Attackers can place a malicious executable in a directory within the service path that will execute with LocalSystem privileges when the service restarts or the system reboots.

🤖 AI Executive Summary

CVE-2020-37229 is a local privilege escalation vulnerability in OKI sPSV Port Manager 1.0.41 affecting the sPSVOpLclSrv service through an unquoted service path. Attackers with local access can place malicious executables in the service path to execute with LocalSystem privileges upon service restart or system reboot. While no public exploit is available and no patch has been released, this vulnerability poses significant risk to organizations using OKI printing solutions, particularly in enterprise environments where multiple users have local system access.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 21, 2026 01:02

🇸🇦 Saudi Arabia Impact Assessment

Saudi organizations using OKI printing solutions face significant risk, particularly in: (1) Banking sector (SAMA-regulated institutions) where multi-user workstations are common and local privilege escalation could compromise financial systems; (2) Government agencies (NCA oversight) managing sensitive documents through networked printers; (3) Healthcare facilities using OKI printers for patient records and administrative systems; (4) Energy sector (ARAMCO and related entities) where industrial printing systems may be affected; (5) Telecommunications (STC, Mobily) managing billing and customer data systems. The vulnerability is particularly dangerous in shared workstation environments common in Saudi enterprises.

🏢 Affected Saudi Sectors

Banking and Financial Services Government and Public Administration Healthcare Energy and Utilities Telecommunications Manufacturing Education

🎯 MITRE ATT&CK Techniques

T1547.001 - Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder T1547.011 - Boot or Logon Autostart Execution: Services T1134.003 - Access Token Manipulation: Make and Impersonate Token T1548.004 - Abuse Elevation Control Mechanism: Elevated Execution with Prompt T1574.008 - Hijack Execution Flow: DLL Search Order Hijacking T1036.003 - Masquerading: Rename System Utilities T1053.005 - Scheduled Task/Job: Scheduled Task

⚖️ Saudi Risk Score (AI)

7.2

/ 10.0

🔧 Remediation Steps (English)

Immediate Actions:

1. Identify all systems running OKI sPSV Port Manager 1.0.41 through asset inventory and network scanning

2. Restrict local access to systems running the vulnerable service to authorized personnel only

3. Implement application whitelisting to prevent unauthorized executable execution

4. Monitor for suspicious file creation in service paths (typically C:\Program Files\OKI\)

Compensating Controls:

1. Disable the sPSVOpLclSrv service if not actively required for operations

2. Implement file integrity monitoring (FIM) on service directories to detect unauthorized file placement

3. Configure Windows AppLocker or equivalent to prevent execution from service paths

4. Enable Windows Event Log auditing for service start/stop events and process creation

5. Implement least privilege access controls limiting local administrator accounts

6. Use Windows Defender or equivalent to monitor for suspicious process execution with LocalSystem privileges

Detection Rules:

1. Monitor Event ID 7045 (Service Installation) and 7040 (Service Start Type Changed)

2. Alert on file creation in OKI installation directories by non-system accounts

3. Monitor for process execution with LocalSystem privileges from OKI service paths

4. Track service restart events and correlate with recent file modifications

Long-term:

1. Contact OKI for security updates or migration path to patched versions

2. Evaluate alternative printing management solutions with better security posture

3. Plan upgrade or replacement of OKI sPSV Port Manager

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. تحديد جميع الأنظمة التي تقوم بتشغيل OKI sPSV Port Manager الإصدار 1.0.41 من خلال جرد الأصول والمسح الشبكي

2. تقييد الوصول المحلي إلى الأنظمة التي تقوم بتشغيل الخدمة المعرضة للخطر للموظفين المصرح لهم فقط

3. تنفيذ قائمة بيضاء للتطبيقات لمنع تنفيذ الملفات التنفيذية غير المصرح بها

4. مراقبة إنشاء الملفات المريبة في مسارات الخدمة (عادة C:\Program Files\OKI\)

الضوابط البديلة:

1. تعطيل خدمة sPSVOpLclSrv إذا لم تكن مطلوبة بنشاط للعمليات

2. تنفيذ مراقبة سلامة الملفات (FIM) على دلائل الخدمة للكشف عن وضع الملفات غير المصرح به

3. تكوين Windows AppLocker أو ما يعادله لمنع التنفيذ من مسارات الخدمة

4. تفعيل تدقيق سجل أحداث Windows لأحداث بدء/إيقاف الخدمة وإنشاء العملية

5. تنفيذ ضوابط الوصول بأقل امتياز تقيد حسابات مسؤول Windows المحلي

6. استخدام Windows Defender أو ما يعادله لمراقبة تنفيذ العملية المريبة بامتيازات LocalSystem

قواعد الكشف:

1. مراقبة معرف الحدث 7045 (تثبيت الخدمة) و7040 (تغيير نوع بدء الخدمة)

2. التنبيه عند إنشاء ملفات في دلائل OKI بواسطة حسابات غير النظام

3. مراقبة تنفيذ العملية بامتيازات LocalSystem من مسارات خدمة OKI

4. تتبع أحداث إعادة تشغيل الخدمة والربط بين التعديلات الأخيرة على الملفات

المدى الطويل:

1. الاتصال بـ OKI للحصول على تحديثات أمان أو مسار الترحيل إلى إصدارات مصححة

2. تقييم حلول إدارة الطباعة البديلة بموقف أمني أفضل

3. التخطيط لترقية أو استبدال OKI sPSV Port Manager

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.5.1.1 - Information security policies and procedures A.6.1.1 - Authorization of information processing facilities A.6.2.1 - User registration and de-registration A.8.2.1 - User access management A.8.2.3 - Management of privileged access rights A.9.2.1 - User endpoint devices A.9.4.1 - Restriction of information access A.12.6.1 - Management of technical vulnerabilities

🔵 SAMA CSF

ID.AM-2 - Software platforms and applications are inventoried PR.AC-1 - Identities and credentials are issued and managed PR.AC-4 - Access rights are managed PR.PT-3 - Configuration change control procedures are in place DE.CM-8 - Vulnerability scans are performed

🟡 ISO 27001:2022

A.5.1 - Management direction for information security A.6.1 - Internal organization A.6.2 - Mobile device and teleworking A.8.1 - User endpoint devices A.8.2 - Privileged access rights A.8.3 - Information access restriction A.12.6 - Management of technical vulnerabilities

🟣 PCI DSS v4.0.1

Requirement 2.2 - Configuration standards for system components Requirement 6.2 - Security patches and updates Requirement 8.1 - User identification and authentication Requirement 8.2 - User access control

🔗 References & Sources 4

🔗

https://www.exploit-db.com/exploits/49005

disclosure@vulncheck.com

🔗

https://www.oki.com/

disclosure@vulncheck.com

🔗

https://www.oki.com/mx/printing/download/sPSV_010041_2_270910.exe

disclosure@vulncheck.com

🔗

https://www.vulncheck.com/advisories/oki-spsv-port-manager-unquoted-service-path-privil...

disclosure@vulncheck.com

📊 CVSS Score

7.8

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score7.8

CWECWE-428

EPSS0.01%

Exploit No

Patch ✗ No

Published 2026-05-16

Source Feed nvd

🇸🇦 Saudi Risk Score

7.2

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-428

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2020-37229

Introduce Yourself

Sign In Required