← Back to CVEs

CVE-2022-50928

HIGH

7.8

Description

BlueSoleilCS 5.4.277 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path in 'C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe' to inject malicious executables and escalate privileges.

CVE Details

CVSS v3.1 Score7.8

SeverityHIGH

CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack VectorLOCAL

ComplexityLOW

Privileges RequiredLOW

User InteractionNONE

Published1/13/2026

Last Modified2/2/2026

Sourcenvd

Honeypot Sightings0

Affected Products

ivtcorporation:bluesoleilcs

Weaknesses (CWE)

CWE-428

References

https://web.archive.org/web/20210624054150/http://ivtcorporation.com/(disclosure@vulncheck.com)

https://www.exploit-db.com/exploits/50761(disclosure@vulncheck.com)

https://www.vulncheck.com/advisories/bluetooth-application-bluesoleilcs-unquoted-service-path(disclosure@vulncheck.com)

https://www.exploit-db.com/exploits/50761(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.