Unquoted Service Path after WSM update

AVI_CollinsAVI_Collins
in Technical Discussion

I don't know where else to report this, but I've noticed that each time we update the WatchGuard System Manager on our management server, it installs the service path without quotes. Tenable flags this as a high vulnerability with a description of:

"The remote Windows host has at least one service installed that uses an unquoted service path, which contains at least one whitespace. A local attacker can gain elevated privileges by inserting an executable file in the path of the affected service."

Nessus found the following service with an untrusted path :
wlcollector_service : C:\Program Files (x86)\WatchGuard\wsm11\wlcollector\bin\wlcollector.exe

We fix this each time but wanted to bring it to someone's attention in case it can be fixed in future releases.

Let me know if I'm crazy for thinking this is something that should be addressed. :D

Comments

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @AVI_Collins

    wlcollector is part of the log/report server portion of the WSM server, which is deprecated. I would suggest uninstalling the log/report server functions of the WSM server and running your scan again.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.