CVE-2020-36981

high

Description

Motorola Device Manager 2.4.5 contains an unquoted service path vulnerability in the PST Service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in ForwardDaemon.exe to inject malicious code that will execute with elevated system privileges during service startup.

References

https://www.vulncheck.com/advisories/motorola-device-manager-forwarddaemonexe-unquoted-service-path

https://www.filehorse.com/es/descargar-motorola-device-manager/

https://www.exploit-db.com/exploits/49013

https://www.exploit-db.com/exploits/49011

Details

Source: Mitre, NVD

Published: 2026-01-27

Updated: 2026-01-27

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

CVSS v4

Base Score: 8.5

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Severity: High

EPSS

EPSS: 0.00005