CVE-2024-58315 identifies an unquoted service path vulnerability in Tosibox Key Service version 3.3.0. This vulnerability occurs when the Windows service executable path contains spaces but is not enclosed in quotation marks. During the service startup, Windows parses the path and may mistakenly execute malicious code placed in directories along the path if an attacker can write to those locations. Since the service runs with elevated privileges, executing malicious code in this context allows privilege escalation from a local non-privileged user to SYSTEM level. The vulnerability requires local access but no authentication or user interaction, making it easier to exploit in environments where multiple users have access or where attackers have gained limited footholds. The CVSS 4.0 base score is 8.5 (high), reflecting the significant impact on confidentiality, integrity, and availability due to potential full system compromise. No specific affected versions beyond 3.3.0 are listed, and no patches or exploits are currently documented. The vulnerability is particularly concerning for organizations relying on Tosibox Key Service for secure remote access or network segmentation, as attackers could leverage this flaw to bypass security controls and gain persistent privileged access.

For European organizations, the impact of CVE-2024-58315 is substantial. Tosibox Key Service is often deployed in industrial, manufacturing, and critical infrastructure sectors to provide secure remote access and network segmentation. Exploitation could allow attackers to escalate privileges on critical systems, leading to unauthorized access, data theft, sabotage, or disruption of operations. This could compromise sensitive industrial control systems or business-critical environments, impacting operational continuity and safety. The vulnerability's local access requirement limits remote exploitation but does not eliminate risk, especially in environments with shared access or where attackers have already gained limited entry. The potential for elevated privileges means attackers could disable security controls, install persistent malware, or move laterally within networks. European organizations with stringent regulatory requirements for data protection and operational resilience may face compliance and reputational risks if exploited.

Organizations should proactively audit all Tosibox Key Service installations to identify unquoted service paths and verify the version in use. Immediate mitigation includes restricting write permissions on directories in the service path to prevent unauthorized code placement. Applying the official patch from Tosibox Oy once released is critical. Until patches are available, consider running the service with the least privileges necessary or isolating affected systems to limit local user access. Employ endpoint detection and response (EDR) tools to monitor for suspicious activity related to service startup or privilege escalation attempts. Conduct regular local privilege escalation assessments and harden local user permissions. Additionally, implement strict access controls and network segmentation to reduce the risk of attackers gaining local access. Maintain up-to-date backups and incident response plans tailored to potential privilege escalation scenarios.