PatchSiren cyber security CVE debrief

CVE-2020-37229 Exploit Db CVE debrief

CVE-2020-37229 describes an unquoted service path vulnerability in OKI sPSV Port Manager 1.0.41 affecting the sPSVOpLclSrv service. Because the service path is not properly quoted, a local attacker can place a malicious executable in a directory searched by the service and obtain code execution with LocalSystem privileges when the service restarts or the system reboots. The NVD record lists the issue as HIGH severity with a CVSS score of 8.5 and maps it to CWE-428.

Vendor: Exploit Db
Product: Unknown
CVSS: HIGH 8.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-16
Original CVE updated: 2026-05-16
Advisory published: 2026-05-16
Advisory updated: 2026-05-16

Who should care

Endpoint administrators, IT support teams, and security teams responsible for Windows systems running OKI sPSV Port Manager. This is especially important on systems where non-administrative users have local access, since the flaw enables local privilege escalation to LocalSystem.

Technical summary

The vulnerability is an unquoted service path issue in the sPSVOpLclSrv service. When Windows resolves an unquoted service path containing spaces, it may search multiple locations for executables. In this case, that behavior can allow a local attacker to trigger execution of an attacker-controlled binary from a writable directory in the service path. The supplied sources identify the affected software as OKI sPSV Port Manager 1.0.41 and describe the outcome as LocalSystem-level privilege escalation.

Defensive priority

High. The issue requires local access, but the impact is severe because successful exploitation can yield LocalSystem privileges on affected hosts. Prioritize systems that run OKI printing software or have the affected service installed, especially where multiple users share endpoints or where local access cannot be tightly controlled.

Recommended defensive actions

  • Identify endpoints running OKI sPSV Port Manager 1.0.41 and verify whether the sPSVOpLclSrv service is present.
  • Apply the vendor-provided update or replacement package referenced by OKI as soon as possible.
  • If the software is not required, uninstall it or disable the service to remove the exposure.
  • Review Windows service definitions for unquoted paths and correct them to prevent path-hijacking conditions.
  • Tighten filesystem permissions on directories used by the service so standard users cannot place executables there.
  • Monitor affected systems for unexpected binaries, service configuration changes, and privilege-escalation indicators.
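
The service-definition review and directory-permission checks above can be scripted over an exported inventory of service ImagePath values. The following is an added example, not code from the advisory or from OKI; the service names and the "ExampleVendor" paths are constructed placeholders, because the sources do not give the real sPSVOpLclSrv path.

```python
import ntpath
import re

# Constructed ImagePath values for illustration. The page does not give the
# real sPSVOpLclSrv path, so "ExampleVendor" is a placeholder.
SAMPLE_SERVICES = {
    "ExampleSvc": r"C:\Program Files\ExampleVendor\Port Manager\svc.exe -k run",
    "QuotedSvc": r'"C:\Program Files\ExampleVendor\Port Manager\svc.exe" -k run',
    "NoSpaceSvc": r"C:\Windows\System32\svchost.exe -k netsvcs",
    "BareSvc": r"C:\Program Files\ExampleVendor\agent.exe",
}

# Executable path up to the first ".exe" that is followed by whitespace or end.
_EXE = re.compile(r"^(.*?\.exe)(\s.*)?$", re.IGNORECASE)


def audit_image_path(image_path):
    """Return None if the value is not exposed, else the fix and dirs to review."""
    value = image_path.strip()
    if value.startswith('"'):
        return None  # already quoted
    match = _EXE.match(value)
    if not match:
        return None  # no .exe image (for example a driver path): out of scope
    exe, args = match.group(1), match.group(2) or ""
    if " " not in exe:
        return None  # nothing ambiguous to resolve
    # Each space is a point where Windows may stop and try "<prefix>.exe";
    # the parent directory of that prefix must not be writable by standard users.
    review_dirs = []
    for index, char in enumerate(exe):
        if char == " ":
            parent = ntpath.dirname(exe[:index])
            if parent not in review_dirs:
                review_dirs.append(parent)
    return {"quoted": f'"{exe}"{args}', "review_dirs": review_dirs}


def audit_services(services):
    """Map service name -> finding for every exposed ImagePath."""
    findings = {}
    for name, image_path in services.items():
        finding = audit_image_path(image_path)
        if finding:
            findings[name] = finding
    return findings


if __name__ == "__main__":
    for name, finding in audit_services(SAMPLE_SERVICES).items():
        print(name, finding["quoted"], finding["review_dirs"])
```

The "quoted" value is the corrected ImagePath to set on the service, and "review_dirs" lists the directories whose write permissions need checking for standard users.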

Evidence notes

The NVD record for CVE-2020-37229 supplies the vulnerability description, CVSS 4.0 vector, and CWE-428 mapping. The Exploit-DB reference indicates public disclosure material exists for this issue, while the OKI download URL suggests a vendor software package is available. The VulnCheck advisory URL is the most direct secondary reference tying the issue to OKI sPSV Port Manager and the unquoted service path privilege-escalation scenario.

Official resources

Publicly disclosed; the supplied corpus includes a public Exploit-DB reference and a VulnCheck advisory reference. The CVE record was published and modified on the supplied date in the source feed.