CVE-2024-58288: CWE-428: Unquoted Search Path or Element in Genexus Genexus Protection Server
Genexus Protection Server 9.7.2.10 contains an unquoted service path vulnerability in the protsrvservice Windows service configuration. Attackers can exploit the unquoted binary path to execute arbitrary code with elevated LocalSystem privileges by placing malicious executables in specific file system locations.
AI Analysis
Technical Summary
CVE-2024-58288 is an unquoted search path vulnerability (CWE-428) found in Genexus Protection Server version 9.7.2.10, specifically in the protsrvservice Windows service configuration. This vulnerability arises because the service executable path is not enclosed in quotes, causing Windows to incorrectly parse the path if it contains spaces. An attacker with local access can exploit this by placing a malicious executable in a directory that Windows searches before the legitimate service executable. When the service starts or restarts, the malicious executable is run with LocalSystem privileges, granting the attacker full control over the system. The vulnerability does not require user interaction or prior authentication, increasing its risk profile. The CVSS v4.0 score is 8.7 (high), reflecting the network attack vector, low complexity, no privileges required, and high impact on confidentiality, integrity, and availability. No public exploits are currently known, but the vulnerability is straightforward to exploit given local access. The root cause is improper quoting of the binary path in the Windows service configuration, a common misconfiguration that can be mitigated by enclosing paths in quotes and securing directory permissions. This vulnerability is particularly dangerous in environments where Genexus Protection Server is used to protect critical applications or data, as it can lead to full system compromise.
Potential Impact
For European organizations, exploitation of CVE-2024-58288 could lead to complete system compromise of servers running Genexus Protection Server 9.7.2.10. Attackers gaining LocalSystem privileges can bypass all security controls, access sensitive data, disrupt services, or use the compromised system as a foothold for lateral movement within the network. This is especially critical for industries such as finance, healthcare, and government, where data confidentiality and service availability are paramount. The vulnerability's ease of exploitation without user interaction or authentication increases the risk of rapid compromise once local access is obtained, for example via phishing or insider threats. Organizations relying on Genexus Protection Server for application protection may face significant operational and reputational damage if exploited. The lack of known exploits in the wild currently provides a window for proactive mitigation before widespread attacks occur.
Mitigation Recommendations
1. Immediately verify and correct the service executable path in the Windows service configuration for protsrvservice by enclosing the entire path in double quotes to prevent unquoted path parsing issues.
2. Restrict write permissions on all directories in the service executable path to trusted administrators only, preventing attackers from placing malicious executables.
3. Implement application whitelisting to prevent unauthorized executables from running.
4. Monitor file system changes in directories related to the service path for suspicious activity.
5. Limit local user privileges to reduce the risk of local exploitation.
6. If possible, upgrade to a patched version of Genexus Protection Server once available or apply vendor-provided patches.
7. Conduct regular audits of service configurations across the environment to detect similar unquoted path vulnerabilities.
8. Educate system administrators about the risks of unquoted service paths and secure service configuration best practices.
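An audit covering recommendations 1, 2 and 7, as an added PowerShell example (not vendor or advisory code): it flags services whose executable path contains spaces and is not quoted, shows the quoted form, and lists the folders whose write permissions need review. The function name `Get-UnquotedPathFinding` and the sample service are hypothetical; the advisory does not give the real install path of protsrvservice.

```powershell
# Added example, not vendor code. Audits service ImagePath values for CWE-428.
function Get-UnquotedPathFinding {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$PathName
    )
    $raw = $PathName.Trim()
    if ($raw.StartsWith('"')) { return }              # already quoted

    # Executable = shortest prefix ending in ".exe"; anything after it is arguments.
    $pattern = '^(?<exe>.+?\.exe)(?=\s|$)(?<args>.*)$'
    $m = [regex]::Match($raw, $pattern, 'IgnoreCase')
    if (-not $m.Success) { return }                   # drivers (.sys) and similar
    $exe = $m.Groups['exe'].Value
    if (-not $exe.Contains(' ')) { return }           # no space, nothing ambiguous

    # At each space Windows may treat the text before it as the program name.
    # The folder that would hold such a file must be writable by administrators only.
    $dirs = @()
    $i = $exe.IndexOf(' ')
    while ($i -ge 0) {
        $dirs += [System.IO.Path]::GetDirectoryName($exe.Substring(0, $i))
        $i = $exe.IndexOf(' ', $i + 1)
    }

    [pscustomobject]@{
        Service      = $Name
        Current      = $raw
        Corrected    = '"{0}"{1}' -f $exe, $m.Groups['args'].Value
        ReviewAclsOn = @($dirs | Select-Object -Unique)
    }
}

# Constructed sample: hypothetical service name and install path.
Get-UnquotedPathFinding -Name 'ExampleSvc' `
    -PathName 'C:\Program Files\Example Vendor\svc.exe -run'

# Live audit of the local machine (read-only), including protsrvservice if installed.
Get-CimInstance -ClassName Win32_Service |
    Where-Object PathName |
    ForEach-Object { Get-UnquotedPathFinding -Name $_.Name -PathName $_.PathName }
```

Review each folder in `ReviewAclsOn` with `Get-Acl` or `icacls`, and apply the `Corrected` string to the service's `ImagePath` value under `HKLM\SYSTEM\CurrentControlSet\Services\<service name>`.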
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulnCheck
- Date Reserved: 2025-12-10T23:46:14.009Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 693b3a6c22246175c6a3cf1c
Added to database: 12/11/2025, 9:41:00 PM
Last enriched: 12/11/2025, 9:55:57 PM
Last updated: 12/11/2025, 10:47:27 PM