OKI sPSV Port Manager 1.0.41 contains an unquoted service path vulnerability in the sPSVOpLclSrv service that allows local attackers to escalate privileges by inserting executable files into the unquoted path. Attackers can place a malicious executable in a directory within the service path that will execute with LocalSystem privileges when the service restarts or the system reboots.
Casky was already ahead
This CVE exploits attack patterns that Casky's 0 matched skills already investigate, long before this vulnerability was disclosed. Claude's reasoning model maps these techniques to MITRE ATT&CK, so practitioners who ran these skills have already seen the threat behaviour in their findings.
CVE-2020-37229 is a critical flaw in OKI sPSV Port Manager 1.0.41: the sPSVOpLclSrv service is configured with an unquoted executable path. This allows local attackers to escalate privileges by placing malicious executables in directories within the service path hierarchy. When a service path contains spaces and is not quoted, Windows cannot tell where the executable name ends, so it tries each space-delimited prefix of the path as a candidate executable, in order, and runs the first one that exists. An attacker who can write to one of those directories can plant a file that then runs with LocalSystem privileges. Organizations running OKI sPSV Port Manager are at significant risk, as local access (which many assume is low-risk) becomes a pathway to complete system compromise.
While CVE-2020-37229 doesn't map directly to a single MITRE ATT&CK technique, Casky's Claude-powered analysis would identify attack patterns associated with Privilege Escalation (T1134) and Service Execution (T1569.002) by examining the service configuration, file system write permissions, and system restart behaviors. A practitioner using Casky would receive findings highlighting suspicious unquoted service paths during configuration audits, detection of executable placement in system directories, and service restart events following new file creation. Claude's extended reasoning would correlate these signals—local file write capabilities + unquoted service paths + service restart triggers—to surface the complete privilege escalation chain, enabling defenders to patch or mitigate before exploitation occurs.
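The configuration audit described above can be sketched in Python as an added example (not Casky's or OKI's code): given service ImagePath strings, it lists the intermediate paths Windows would try before the intended binary, which are the locations whose write permissions a defender needs to check. The service names and paths are constructed placeholders, since the real sPSVOpLclSrv path is not given on this page.

```python
import re

# Executable portion of an unquoted ImagePath: everything up to the first
# ".exe" that is followed by whitespace or the end of the string.
_EXE = re.compile(r"^(.*?\.exe)(?=\s|$)", re.IGNORECASE)

def interception_candidates(image_path: str) -> list[str]:
    """Return the paths Windows would try before the intended binary.

    An empty list means the ImagePath is quoted, has no space inside the
    executable path, or does not point at an .exe (for example a driver).
    """
    path = image_path.strip()
    if path.startswith('"'):
        return []  # quoted: the executable path is parsed as one token
    m = _EXE.match(path)
    if not m:
        return []
    exe = m.group(1)
    candidates = []
    for i, ch in enumerate(exe):
        # Each space ends a prefix that Windows tries with ".exe" appended.
        if ch == " " and i > 0 and exe[i - 1] != " ":
            candidates.append(exe[:i] + ".exe")
    return candidates

def audit(services: dict[str, str]) -> dict[str, list[str]]:
    """Map each affected service name to its candidate paths."""
    findings = {}
    for name, image_path in services.items():
        found = interception_candidates(image_path)
        if found:
            findings[name] = found
    return findings

# Constructed sample data: hypothetical service names and paths.
SAMPLE_SERVICES = {
    "ExampleUnquotedSvc": r"C:\Program Files\Example Vendor\Port Manager\svc.exe -run",
    "ExampleQuotedSvc": r'"C:\Program Files\Example Vendor\Port Manager\svc.exe" -run',
    "ExampleNoSpaceSvc": r"C:\Windows\System32\svchost.exe -k netsvcs",
    "ExampleDriver": r"\SystemRoot\System32\drivers\example.sys",
}

if __name__ == "__main__":
    for name, paths in audit(SAMPLE_SERVICES).items():
        print(name)
        for p in paths:
            print("  check write ACL on parent directory of:", p)
```

A finding is only exploitable if a non-administrative user can write to the parent directory of one of the listed paths, so the next step is to review those directory ACLs and quote the ImagePath.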