Impact
The flaw arises from an unquoted service path defined for the Fortitude HTTP service. When the operating system loads the service during startup or a system reboot, a local user can place a malicious executable in a location that matches the unquoted path and has not been protected by quoting. That executable then runs with SYSTEM privileges, giving the attacker full control over the affected machine.
Affected Systems
Fortitude HTTP 1.0.4.0 is listed as affected. The CVE does not mention other released versions.
Risk and Exploitability
The CVSS score is 8.5, indicating a high impact for local privilege escalation. No EPSS score is available, so exploitation frequency cannot be estimated; the vulnerability is not in the CISA KEV catalog. Attackers must have local write access to the system root or the service startup directory, after which inserting a malicious binary is sufficient to obtain SYSTEM privileges.
OpenCVE Enrichment