Plugin Name: Microsoft Windows Unquoted Service Path Enumeration
Port: 445
CVE-2013-1609,CVE-2014-0759,CVE-2014-5455
Nessus found the following service with an untrusted path: sradmin : C:\Program Files (x86)\SRAdmin\sradmin.exe
Solution: Ensure that any services that contain a space in the path enclose the path in quotes.
Release : 20.2, 21.2
Component : SpectroSERVER and OneClick
The SRAdmin service path is not enclosed in quotes.
Here are the steps to put the SRAdmin service path surrounded by quotes to address the Microsoft Windows Unquoted Service Path Enumeration.
1. Launch the regedit.exe
2. Navigate to the Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sradmin folder
3. Double-click on the ImagePath item.
4. Enclose the path in quotes.
From: C:\Program Files (x86)\SRAdmin\sradmin.exe
To: "C:\Program Files (x86)\SRAdmin\sradmin.exe"
5. See the result in the ImagePath:
6. See the result in Windows Services: