CVE-2020-36879
Published: Dec 5, 2025
Modified: Dec 5, 2025
Description
Flexsense DiskBoss 11.7.28 allows unauthenticated attackers to elevate their privileges using any of its services, enabling remote code execution during startup or reboot with escalated privileges. Attackers can exploit the unquoted service path vulnerability by specifying a malicious service name in the 'sc qc' command, allowing them to execute arbitrary system commands.
| Vendor | Product | Versions |
|---|---|---|
| Flexsense | DiskBoss | affected 11.7.28 |
| Flexsense | DiskBoss Pro | affected 11.7.28 |
| Flexsense | DiskBoss Ultimate | affected 11.7.28 |
| Flexsense | DiskBoss Server | affected 11.7.28 |
| Flexsense | DiskBoss Enterprise | affected 11.7.28 |
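A defender-side check for the unquoted service path condition named in the description, added here as an example and not code from this advisory or from Flexsense: it parses saved `sc qc` output and flags services whose `BINARY_PATH_NAME` is unquoted and contains a space, together with the quoted form to set instead. The service names and paths in the sample are constructed placeholders, not DiskBoss values.

```python
import re

# Constructed `sc qc` output for three hypothetical services (not DiskBoss values).
SAMPLE_SC_QC = r"""
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: ExampleAgent
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : C:\Program Files\Example Vendor\Example App\bin\agent.exe --service
        SERVICE_START_NAME : LocalSystem
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: ExampleQuoted
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : "C:\Program Files\Example Vendor\Example App\bin\agent.exe" --service
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: ExampleNoSpace
        BINARY_PATH_NAME   : C:\Example\agent.exe
"""

FIELD = re.compile(r"^\s*([A-Z_]+)\s*:\s*(.*?)\s*$")
EXE = re.compile(r"^(.*?\.exe)(?=\s|$)", re.IGNORECASE)

def parse_services(text):
    """Split concatenated `sc qc` output into one dict of fields per service."""
    services = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # banner lines such as "[SC] QueryServiceConfig SUCCESS"
        key, value = m.groups()
        if key == "SERVICE_NAME":
            services.append({})
        if services:
            services[-1][key] = value
    return services

def unquoted_findings(text):
    """Return (service, current path, quoted fix) for unquoted image paths with a space."""
    findings = []
    for svc in parse_services(text):
        path = svc.get("BINARY_PATH_NAME", "")
        m = EXE.match(path)
        # Quoted paths and paths without spaces are not ambiguous to the service loader.
        if path.startswith('"') or not m or " " not in m.group(1):
            continue
        fixed = '"' + m.group(1) + '"' + path[m.end():]
        findings.append((svc["SERVICE_NAME"], path, fixed))
    return findings

if __name__ == "__main__":
    for name, current, fixed in unquoted_findings(SAMPLE_SC_QC):
        print(f"{name}: unquoted path {current!r}; set to {fixed!r}")
```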
Weaknesses (CWE)
References