CVE-2024-58315 is an unquoted search path vulnerability found in Tosibox Key Service version 3.3.0, a product by Tosibox Oy. This vulnerability occurs because the service executable path is not enclosed in quotes, which is a common misconfiguration in Windows services. When the operating system attempts to start the service, it parses the unquoted path and may mistakenly execute malicious code placed in a directory path segment that is interpreted as an executable. Since the service runs with elevated system privileges, a local attacker with non-privileged access can exploit this to execute arbitrary code with higher privileges. This elevates the attacker’s ability to compromise the system, potentially leading to full system control. The vulnerability does not require user interaction or authentication, but it does require local access to the system. The CVSS 4.0 vector indicates low attack complexity and low attack vector (local), with no privileges required but with privileges needed to exploit (PR:L). The vulnerability impacts confidentiality, integrity, and availability at a high level due to the potential for privilege escalation and arbitrary code execution. No patches or exploits are currently publicly available, but the risk remains significant due to the nature of the vulnerability and the critical role of the Tosibox Key Service in secure remote access and network management.

For European organizations, this vulnerability poses a significant risk especially to those relying on Tosibox Key Service for secure remote access and network connectivity, including industrial control systems, manufacturing, and critical infrastructure sectors. Exploitation could allow attackers to gain elevated privileges on affected systems, leading to unauthorized access, data theft, or disruption of services. The ability to execute code with system-level privileges can facilitate lateral movement within networks, persistence, and deployment of ransomware or other malware. Given the increasing reliance on remote access solutions in Europe’s digital transformation and Industry 4.0 initiatives, this vulnerability could have widespread operational and reputational impacts. Organizations in sectors with stringent regulatory requirements for data protection and system integrity, such as finance, healthcare, and energy, may face compliance risks if exploited. The absence of known exploits in the wild currently reduces immediate threat but does not diminish the urgency for remediation due to the vulnerability’s high severity and ease of exploitation by local attackers.

1. Immediately audit all Tosibox Key Service installations to identify affected versions, focusing on version 3.3.0. 2. Apply official patches or updates from Tosibox Oy as soon as they are released to address the unquoted service path vulnerability. 3. In the absence of patches, manually inspect the service executable path in Windows Services (using 'sc qc' or registry) and ensure the full path is enclosed in quotes to prevent path parsing errors. 4. Restrict local user permissions to prevent unauthorized users from placing executables in directories that are part of the service path. 5. Implement application whitelisting to block unauthorized executables from running, especially in system directories. 6. Monitor system logs and service startup events for suspicious activity indicative of exploitation attempts. 7. Educate system administrators about the risks of unquoted service paths and enforce secure service configuration practices. 8. Consider network segmentation and limiting local access to critical systems running Tosibox Key Service to reduce attack surface. 9. Regularly review and update endpoint protection solutions to detect privilege escalation attempts. 10. Maintain an incident response plan that includes procedures for privilege escalation vulnerabilities.