Description
The installer of ServerView Agents for Windows provided by Fsas Technologies Inc. may insecurely load Dynamic Link Libraries. Arbitrary code may be executed with the administrator privilege when the installer is executed.
Published: 2026-01-21
Score: 8.4 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary code execution with administrator privileges
Action: Patch
AI Analysis

Impact

The ServerView Agents for Windows installer from Fsas Technologies Inc. fails to properly protect its dynamic library loading. During installation, the installer can resolve and load DLLs from insecure locations, allowing an attacker to supply a malicious library that executes with the full privileges of the installer process. This vulnerability can elevate the attacker’s capabilities, letting them run arbitrary code under an administrator account on the target system, posing a severe risk to confidentiality, integrity and availability of the environment.

Affected Systems

Vendor: Fsas Technologies Inc. Product: ServerView Agents for Windows. No specific version information was supplied by the CNA, so all released versions of this product might be affected.

Risk and Exploitability

The CVSS score of 8.4 indicates a high severity issue. The EPSS score is < 1 %, suggesting that, at the time of analysis, exploitation likelihood is low, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires the attacker to execute the installer with administrative rights; the attack vector is local installation, though a malicious installer could be distributed via social engineering or compromised networks. Based on the description, it is inferred that the attacker must have local access to run the installer. Once the installer runs, the insecure DLL search path allows the attacker to run arbitrary code with elevated privileges.

Generated by OpenCVE AI on April 18, 2026 at 15:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any available vendor patch or update for ServerView Agents for Windows
  • Verify the installer’s digital signature and source before execution
  • Run the installer only with the minimal required privileges and from a trusted network
  • Consider disabling or restricting installation of the agent until a patch is applied

Generated by OpenCVE AI on April 18, 2026 at 15:33 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 18 Apr 2026 16:00:00 +0000

Type Values Removed Values Added
Title ServerView Agents for Windows Installer Allows Arbitrary Code Execution via Unsecured DLL Loading

Tue, 24 Feb 2026 15:30:00 +0000

Type Values Removed Values Added
References

Fri, 23 Jan 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Fsastech
Fsastech serverview Agents For Windows
Vendors & Products Fsastech
Fsastech serverview Agents For Windows

Wed, 21 Jan 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 21 Jan 2026 07:45:00 +0000

Type Values Removed Values Added
Description The installer of ServerView Agents for Windows provided by Fsas Technologies Inc. may insecurely load Dynamic Link Libraries. Arbitrary code may be executed with the administrator privilege when the installer is executed.
Weaknesses CWE-427
References
Metrics cvssV3_0

{'score': 7.8, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Fsastech Serverview Agents For Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published:

Updated: 2026-02-24T14:51:46.137Z

Reserved: 2026-01-20T05:13:56.618Z

Link: CVE-2026-24016

cve-icon Vulnrichment

Updated: 2026-02-24T14:51:46.137Z

cve-icon NVD

Status : Deferred

Published: 2026-01-21T08:15:59.407

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-24016

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T15:45:04Z

Weaknesses