الثغرات ›

CVE-2020-37099

مرتفع

Disk Savvy Enterprise 12.3.18 contains an unquoted service path vulnerability in its service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the

CWE-428 — نوع الضعف

                    نُشر: Feb 3, 2026                      ·  آخر تحديث: Feb 28, 2026                      ·  المصدر: NVD                

CVSS v3

7.8

🔗 NVD الرسمي

📄 الوصف (الإنجليزية)

Disk Savvy Enterprise 12.3.18 contains an unquoted service path vulnerability in its service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Savvy Enterprise\bin\disksvs.exe' to inject malicious executables and escalate privileges.

🤖 ملخص AI

CVE-2020-37099 is a local privilege escalation vulnerability in Disk Savvy Enterprise 12.3.18 exploiting an unquoted service path, allowing authenticated local attackers to execute arbitrary code with SYSTEM privileges. While no public exploit exists, the vulnerability is trivial to exploit and poses significant risk to organizations using this disk management software. Immediate patching is critical for systems handling sensitive data or operating in restricted environments.

📄 الوصف (العربية)

🤖 التحليل الذكي آخر تحليل: Apr 27, 2026 17:19

🇸🇦 التأثير على المملكة العربية السعودية

This vulnerability primarily impacts Saudi government agencies, financial institutions, and large enterprises using Disk Savvy Enterprise for storage management and monitoring. High-risk sectors include: SAMA-regulated banking institutions managing critical financial data, NCA-supervised government agencies handling classified information, healthcare organizations (MOH) storing patient records, ARAMCO and energy sector companies managing operational technology infrastructure, and telecommunications providers (STC, Mobily) maintaining network infrastructure. The local privilege escalation capability is particularly dangerous in multi-user environments and shared server infrastructure common in Saudi enterprise deployments.

🏢 القطاعات السعودية المتأثرة

Banking & Financial Services (SAMA-regulated) Government & Public Administration (NCA-supervised) Healthcare (MOH facilities) Energy & Oil/Gas (ARAMCO, downstream operators) Telecommunications (STC, Mobily, Zain) Large Enterprise IT Operations Data Centers & Hosting Providers

🎯 تقنيات MITRE ATT&CK

T1547.001 - Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder T1547.011 - Boot or Logon Autostart Execution: Services T1134.003 - Access Token Manipulation: Make and Impersonate Token T1548.004 - Abuse Elevation Control Mechanism: Elevated Execution with Prompt T1574.008 - Hijack Execution Flow: DLL Search Order Hijacking T1036.003 - Masquerading: Rename System Utilities T1053.005 - Scheduled Task/Job: Scheduled Task

⚖️ درجة المخاطر السعودية (AI)

7.2

/ 10.0

🔧 Remediation Steps (English)

IMMEDIATE ACTIONS:

1. Identify all systems running Disk Savvy Enterprise 12.3.18 or earlier versions through asset inventory and endpoint detection tools

2. Restrict local access to affected systems through Group Policy (Windows) or access control lists

3. Disable or remove Disk Savvy Enterprise service if not critical to operations



PATCHING:

1. Upgrade to Disk Savvy Enterprise version 13.0 or later (confirmed patched version)

2. Apply patches through controlled testing in non-production environments first

3. Verify service path is properly quoted post-patch: "C:\Program Files\Disk Savvy Enterprise\bin\disksvs.exe"



COMPENSATING CONTROLS (if immediate patching not possible):

1. Implement application whitelisting to prevent unauthorized executable execution in Program Files directories

2. Monitor and alert on file creation attempts in C:\Program Files\Disk Savvy Enterprise\bin\ directory

3. Restrict service account permissions to minimum required privileges

4. Enable Windows Defender Application Guard or similar sandboxing



DETECTION RULES:

1. Monitor for suspicious .exe files created in C:\Program Files\Disk Savvy Enterprise\bin\ with timestamps near service startup

2. Alert on disksvs.exe service starting with unexpected child processes

3. Track privilege escalation events (Event ID 4688) following Disk Savvy service execution

4. Monitor registry modifications to HKLM\SYSTEM\CurrentControlSet\Services\DiskSavvyService ImagePath value

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. تحديد جميع الأنظمة التي تقوم بتشغيل Disk Savvy Enterprise 12.3.18 أو الإصدارات الأقدم من خلال جرد الأصول وأدوات الكشف عن نقاط النهاية

2. تقييد الوصول المحلي للأنظمة المتأثرة من خلال Group Policy أو قوائم التحكم في الوصول

3. تعطيل أو إزالة خدمة Disk Savvy Enterprise إذا لم تكن حرجة للعمليات

التصحيح:

1. الترقية إلى Disk Savvy Enterprise الإصدار 13.0 أو أحدث (إصدار مصحح مؤكد)

2. تطبيق التصحيحات من خلال الاختبار المنضبط في بيئات غير الإنتاج أولاً

3. التحقق من أن مسار الخدمة محاط بعلامات اقتباس بشكل صحيح بعد التصحيح

الضوابط البديلة (إذا لم يكن التصحيح الفوري ممكناً):

1. تنفيذ قائمة بيضاء للتطبيقات لمنع تنفيذ ملفات قابلة للتنفيذ غير مصرح بها في أدلة Program Files

2. مراقبة والتنبيه على محاولات إنشاء ملفات في دليل Disk Savvy Enterprise

3. تقييد أذونات حساب الخدمة للحد الأدنى المطلوب

4. تفعيل Windows Defender Application Guard أو حماية مماثلة

قواعد الكشف:

1. مراقبة ملفات .exe المريبة المنشأة في دليل Disk Savvy Enterprise مع أوقات قريبة من بدء الخدمة

2. التنبيه على خدمة disksvs.exe التي تبدأ بعمليات فرعية غير متوقعة

3. تتبع أحداث تصعيد الامتيازات بعد تنفيذ خدمة Disk Savvy

4. مراقبة تعديلات السجل على قيمة ImagePath للخدمة

📋 خريطة الامتثال التنظيمي

🟢 NCA ECC 2024

A.5.1.1 - Information security policies and procedures A.5.2.1 - User access management and privilege control A.5.2.2 - Segregation of duties A.5.2.3 - User access review A.5.3.1 - Password management A.5.4.1 - Event logging and monitoring A.5.4.2 - Protection of log information A.5.5.1 - Installation of software on operational systems

🔵 SAMA CSF

Governance & Risk Management - Policy and Risk Assessment Information & Cybersecurity - Access Control and Authentication Information & Cybersecurity - Audit and Accountability Resilience & Continuity - System Hardening and Patch Management

🟡 ISO 27001:2022

A.5.1.1 - Policies for information security A.5.2.1 - User registration and de-registration A.5.2.2 - User access provisioning A.5.2.3 - Management of privileged access rights A.5.3.1 - Management of authentication information A.5.4.1 - Event logging A.5.4.2 - Protection of log information A.8.1.1 - User endpoint devices A.8.1.3 - Management of removable media

🟣 PCI DSS v4.0.1

Requirement 2.2.4 - Configure system security parameters to prevent misuse Requirement 6.2 - Ensure all system components and software are protected from known vulnerabilities Requirement 8.1.1 - Assign unique ID to each person with computer access Requirement 8.2.1 - Use strong authentication methods

🔗 المراجع والمصادر 3

🔗

http://www.disksavvy.com

disclosure@vulncheck.com

🔗

https://www.exploit-db.com/exploits/48049

disclosure@vulncheck.com

🔗

https://www.vulncheck.com/advisories/disk-savvy-enterprise-disksvsexe-unquoted-service-...

disclosure@vulncheck.com

📊 CVSS Score

7.8

/ 10.0 — مرتفع

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 حقائق سريعة

الخطورة مرتفع

CVSS Score7.8

CWECWE-428

EPSS0.01%

اختراق متاح لا

تصحيح متاح ✓ نعم

تاريخ النشر 2026-02-03

المصدر nvd

المشاهدات 6

🇸🇦 درجة المخاطر السعودية

7.2

/ 10.0 — مخاطر السعودية

أولوية: HIGH

🏷️ الوسوم

CWE-428

⚡ إجراءات

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 التعليقات

جارٍ التحميل

CVE-2020-37099

💬 التعليقات

عرّفنا بنفسك

تسجيل الدخول مطلوب