Vulnerabilities ›

CVE-2020-37232

High

CWE-428 — Weakness Type

                    Published: May 16, 2026                      ·  Modified: May 23, 2026                      ·  Source: NVD                

CVSS v3

7.8

🔗 NVD Official

📄 Description (English)

Advanced System Care Service 13.0.0.157 contains an unquoted service path vulnerability in the AdvancedSystemCareService13 service binary path that allows local attackers to escalate privileges. Attackers can place malicious executables in the system root path that will be executed with LocalSystem privileges during service startup or system reboot.

🤖 AI Executive Summary

CVE-2020-37232 is a local privilege escalation vulnerability in Advanced System Care Service 13.0.0.157 exploiting an unquoted service path. Attackers with local access can place malicious executables in the system root to execute with LocalSystem privileges during service startup. With CVSS 7.8 and no available patch, this poses significant risk to Saudi organizations using this software, particularly in environments with multiple user accounts or shared systems.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 21, 2026 01:00

🇸🇦 Saudi Arabia Impact Assessment

This vulnerability primarily affects Saudi organizations in the following sectors: (1) Government agencies and ministries using Advanced System Care for endpoint management; (2) Banking and financial institutions (SAMA-regulated) with multi-user workstations; (3) Healthcare facilities managing shared clinical workstations; (4) Energy sector (ARAMCO and subsidiaries) with administrative systems; (5) Telecommunications companies (STC, Mobily) managing IT infrastructure. The impact is localized privilege escalation, allowing any local user to gain system-level access, potentially compromising sensitive data, compliance posture, and critical system integrity.

🏢 Affected Saudi Sectors

Government and Public Administration Banking and Financial Services (SAMA-regulated) Healthcare and Medical Institutions Energy and Utilities (ARAMCO, subsidiaries) Telecommunications (STC, Mobily, Zain) Education and Universities Enterprise IT Infrastructure

🎯 MITRE ATT&CK Techniques

T1548.004 - Abuse Elevation Control Mechanism: Unquoted Service Path T1547.011 - Boot or Logon Autostart Execution: Services T1134.003 - Access Token Manipulation: Make and Impersonate Token T1543.003 - Create or Modify System Process: Windows Service T1611 - Escape to Host (if containerized environments)

⚖️ Saudi Risk Score (AI)

7.2

/ 10.0

🔧 Remediation Steps (English)

Immediate Actions:

1. Identify all systems running Advanced System Care Service 13.0.0.157 across your organization

2. Restrict local user access to systems running this software; implement principle of least privilege

3. Monitor service startup logs for suspicious executable execution in system root paths



Compensating Controls (no patch available):

1. Uninstall Advanced System Care Service 13.0.0.157 if not critical; replace with patched alternatives

2. If uninstall not feasible, disable the AdvancedSystemCareService13 service via Services.msc

3. Implement file integrity monitoring (FIM) on system root directory (C:\) to detect unauthorized executable placement

4. Apply NTFS permissions to restrict write access to system root for non-administrative users

5. Enable Windows Audit Policy to log service startup events and process creation

6. Deploy Application Whitelisting (AppLocker/Windows Defender Application Control) to prevent unauthorized executables



Detection Rules:

1. Monitor Event ID 7045 (Service Installation) and 7040 (Service Start Type Changed)

2. Alert on any executable creation in C:\ root directory by non-system processes

3. Monitor AdvancedSystemCareService13 service startup with unusual child processes

4. Track privilege escalation attempts via local service exploitation

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. تحديد جميع الأنظمة التي تقوم بتشغيل Advanced System Care Service 13.0.0.157 في المنظمة

2. تقييد وصول المستخدمين المحليين إلى الأنظمة التي تقوم بتشغيل هذا البرنامج؛ تطبيق مبدأ أقل امتياز

3. مراقبة سجلات بدء الخدمة للتنفيذ المريب للملفات التنفيذية في مسارات جذر النظام

الضوابط البديلة (لا يوجد تصحيح متاح):

1. إلغاء تثبيت Advanced System Care Service 13.0.0.157 إذا لم تكن حرجة؛ استبدالها ببدائل معدلة

2. إذا لم يكن الإلغاء ممكناً، قم بتعطيل خدمة AdvancedSystemCareService13 عبر Services.msc

3. تطبيق مراقبة سلامة الملفات (FIM) على دليل جذر النظام (C:\) للكشف عن وضع الملفات التنفيذية غير المصرح به

4. تطبيق أذونات NTFS لتقييد وصول الكتابة إلى جذر النظام للمستخدمين غير الإداريين

5. تفعيل سياسة تدقيق Windows لتسجيل أحداث بدء الخدمة وإنشاء العمليات

6. نشر القائمة البيضاء للتطبيقات (AppLocker/Windows Defender Application Control) لمنع الملفات التنفيذية غير المصرح بها

قواعد الكشف:

1. مراقبة معرف الحدث 7045 (تثبيت الخدمة) و7040 (تغيير نوع بدء الخدمة)

2. تنبيه على أي إنشاء ملف تنفيذي في دليل جذر C:\ بواسطة عمليات غير النظام

3. مراقبة بدء خدمة AdvancedSystemCareService13 مع عمليات فرعية غير عادية

4. تتبع محاولات تصعيد الامتيازات عبر استغلال الخدمة المحلية

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC 2024 A.5.1.1 - Access Control Policies (local privilege escalation circumvents access controls) ECC 2024 A.5.2.1 - User Registration and De-registration (unauthorized privilege elevation) ECC 2024 A.8.2.3 - Segregation of Duties (service running with excessive privileges) ECC 2024 A.12.6.1 - Management of Technical Vulnerabilities (unpatched software)

🔵 SAMA CSF

SAMA CSF ID.AM-2 - Asset Management (inventory vulnerable software) SAMA CSF PR.AC-1 - Access Control (privilege escalation prevention) SAMA CSF PR.AC-4 - Access Rights (least privilege enforcement) SAMA CSF DE.CM-1 - Detection and Analysis (monitor for exploitation)

🟡 ISO 27001:2022

ISO 27001:2022 A.5.2 - User Access Management (privilege escalation controls) ISO 27001:2022 A.5.15 - Access Control (segregation of duties) ISO 27001:2022 A.8.1 - User Endpoint Devices (endpoint security) ISO 27001:2022 A.12.6.1 - Management of Technical Vulnerabilities (patch management)

🟣 PCI DSS v4.0.1

PCI DSS 2.2.4 - Configure system security parameters (service hardening) PCI DSS 6.2 - Ensure security patches are installed (no patch available - compensating controls required) PCI DSS 7.1 - Limit access to system components (privilege escalation prevention)

🔗 References & Sources 4

🔗

https://www.exploit-db.com/exploits/49049

disclosure@vulncheck.com

🔗

https://www.iobit.com

disclosure@vulncheck.com

🔗

https://www.iobit.com/es/advancedsystemcarepro.php

disclosure@vulncheck.com

🔗

https://www.vulncheck.com/advisories/advanced-system-care-service-unquoted-service-path...

disclosure@vulncheck.com

📊 CVSS Score

7.8

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score7.8

CWECWE-428

EPSS0.01%

Exploit No

Patch ✗ No

Published 2026-05-16

Source Feed nvd

🇸🇦 Saudi Risk Score

7.2

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-428

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2020-37232

Introduce Yourself

Sign In Required