CVE-2024-58288 is an unquoted search path vulnerability classified under CWE-428 found in Genexus Protection Server version 9.7.2.10. This vulnerability arises because the Windows service 'protsrvservice' is configured with an unquoted binary path. When Windows attempts to start this service, it searches for the executable along the path, interpreting spaces as delimiters. If an attacker can place a malicious executable in a directory path segment before the legitimate executable, Windows may execute the attacker's code instead. This leads to arbitrary code execution with LocalSystem privileges, the highest level of privilege on a Windows system, allowing full control over the affected machine. The vulnerability requires no user interaction or authentication, making it easier to exploit in environments where attackers have some write access to the file system. The CVSS 4.0 score of 8.7 reflects the high impact on confidentiality, integrity, and availability, combined with low attack complexity and no privileges required to initiate exploitation. Although no public exploits are currently known, the vulnerability is critical due to the potential for privilege escalation and system compromise. The lack of a patch link suggests that a fix may not yet be publicly available, increasing the urgency for mitigation through configuration changes or access controls.

For European organizations, this vulnerability poses a significant risk of privilege escalation and full system compromise on machines running Genexus Protection Server 9.7.2.10. Attackers exploiting this flaw can gain LocalSystem privileges, potentially leading to unauthorized access to sensitive data, disruption of services, and lateral movement within networks. Critical sectors such as finance, healthcare, and government institutions that rely on Genexus Protection Server for application protection or licensing management could face operational disruptions and data breaches. The ease of exploitation without user interaction or authentication increases the threat level, especially in environments where attackers have limited initial access. This vulnerability could also be leveraged as a foothold for deploying ransomware or other malware, amplifying the impact on availability and business continuity. European organizations with less mature endpoint protection or insufficient file system access controls are particularly vulnerable. The absence of known exploits in the wild currently provides a window for proactive defense, but the high severity score demands immediate attention.

To mitigate CVE-2024-58288, organizations should first verify the service path configuration of the 'protsrvservice' Windows service and ensure that the executable path is fully quoted to prevent unquoted path interpretation. Restrict write permissions on all directories in the service path to prevent attackers from placing malicious executables. Employ application whitelisting to block unauthorized executables from running, especially in directories commonly targeted by unquoted path attacks. Monitor file system changes in service directories and use endpoint detection and response (EDR) tools to detect suspicious activity related to service execution. If a patch becomes available from Genexus, apply it promptly. Additionally, conduct regular audits of all Windows services for unquoted path vulnerabilities to prevent similar issues. Network segmentation and least privilege principles should be enforced to limit the impact of any successful exploitation. Finally, educate system administrators about the risks of unquoted service paths and best practices for secure service configuration.