# Unquoted Service Path in Fortect 5.0.0.7 - CVE-2023-37800

Discoverer: Idan Malihi

# Description

The component MainService.exe is vulnerable to an unquoted service path:

    C:\Program Files\Fortect\MainService.exe

# Steps to Reproduce

To exploit the unquoted service path, the attacker should take the following steps:

1. Open the CMD prompt and type the following command:

   ```
   wmic service get name, displayname, pathname, startmode |findstr /i "auto" |findstr /i /v "c:\windows\\" |findstr /i /v """
   ```

2. The command will print to your screen the unquoted service paths that exist in your system:

   ```
   C:\Program Files\Fortect\MainService.exe
   ```

3. Create a malicious executable file and name it after a folder in the path whose name contains a space, such as Program.exe or MainService.exe.
4. Insert the file in one of the folders in the path (depending on the executable's name).
5. Reboot the system.
6. Get a reverse shell as a SYSTEM user.
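
For auditing, the filter from step 1 can be reproduced over exported service records. The following is an added example, not code from the advisory or from Fortect: it goes beyond the `wmic` filter by also requiring a space in the image path, and it reports the locations whose write permissions should be reviewed together with the quoted form of the path. Service names, start modes and every path except the Fortect one are constructed sample data.

```python
import re

# Constructed sample records (service name, start mode, PathName).
# Only the Fortect path comes from the advisory; the rest is hypothetical.
SAMPLE_SERVICES = [
    ("MainService", "Auto", r"C:\Program Files\Fortect\MainService.exe"),
    ("QuotedSvc", "Auto", r'"C:\Program Files\Vendor\svc.exe" -k run'),
    ("NoSpaceSvc", "Auto", r"C:\Tools\agent.exe /service"),
    ("WinSvc", "Auto", r"C:\Windows\system32\svchost.exe -k netsvcs"),
    ("ManualSvc", "Manual", r"C:\Program Files\Other App\other.exe"),
]

EXE_RE = re.compile(r"^(.*?\.exe)(?=\s|$)", re.IGNORECASE)

def image_path(pathname):
    """Return the executable part of an unquoted PathName, or None if quoted."""
    p = pathname.strip()
    if p.startswith('"'):
        return None
    m = EXE_RE.match(p)
    return m.group(1) if m else p

def candidates(exe):
    """Paths Windows may try first: the text before each space, plus .exe."""
    return [exe[:i] + ".exe" for i, ch in enumerate(exe) if ch == " "]

def audit(services):
    """Flag auto-start services outside C:\\Windows with an unquoted, spaced path."""
    findings = []
    for name, start_mode, pathname in services:
        exe = image_path(pathname)
        if start_mode.lower() != "auto" or exe is None:
            continue
        if exe.lower().startswith("c:\\windows\\") or " " not in exe:
            continue
        args = pathname.strip()[len(exe):]
        findings.append({
            "service": name,
            "image": exe,
            "review_acl_for": candidates(exe),      # nobody unprivileged should be able to create these
            "quoted_pathname": f'"{exe}"{args}',    # corrected value for the service path
        })
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SERVICES):
        print(finding)
```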