CVE-2020-36979

Published: Jan 27, 2026Modified: Jan 29, 2026

8.5

Vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: disclosure@vulncheck.com (Secondary)

Description

Atheros Coex Service Application 8.0.0.255 contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path by placing malicious executables in the service path to gain elevated system privileges during service startup.

Related CWEs

CWE-428

Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

References (5)

https://www.boostbyreason.com/resource-file-9102-ath_coexagent-exe.aspx

Source: disclosure@vulncheck.com

https://www.exploit-db.com/exploits/49053

Source: disclosure@vulncheck.com

https://www.file.net/process/ath_coexagent.exe.html

Source: disclosure@vulncheck.com

https://www.vulncheck.com/advisories/atheros-coex-service-application-zatheros-btwlan-coex-agent-unquoted-service-path

Source: disclosure@vulncheck.com

https://www.exploit-db.com/exploits/49053

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Timeline

No history available yet.