CVE-2020-36979

EUVD-2020-30870
Atheros Coex Service Application 8.0.0.255 contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path by placing malicious executables in the service path to gain elevated system privileges during service startup.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
VulnCheckCNA
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://www.boostbyreason.com/resource-file-9102-ath_coexagent-exe.aspx
https://www.exploit-db.com/exploits/49053
https://www.file.net/process/ath_coexagent.exe.html
https://www.vulncheck.com/advisories/atheros-coex-service-application-zatheros-btwlan-coex-agent-unquoted-service-path
https://www.exploit-db.com/exploits/49053