CVE-2023-53947

HIGH 8.4

OCS Inventory NG 2.3.0.0 Unquoted Service Path Privilege Escalation

CVSS Score

8.4

EPSS Score

0.0%

EPSS Percentile

0th

OCS Inventory NG 2.3.0.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges to system level. Attackers can place a malicious executable in the unquoted service path and trigger the service restart to execute code with elevated system privileges.

CWE	CWE-428
Vendor	oscinventory
Product	ocs inventory ng
Published	Dec 19, 2025
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for oscinventory ocs inventory ng

Be the first to know when new high vulnerabilities affecting oscinventory ocs inventory ng are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

oscinventory / OCS Inventory NG

0 ≤ 2.3.0.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/51389 github.com: https://github.com/OCSInventory-NG/WindowsAgent vulncheck.com: https://www.vulncheck.com/advisories/ocs-inventory-ng-unquoted-service-path-privilege-escalation

Credits

msd0pe