While NSSM 2.24 is not vulnerable to the classic unquoted service path in its own code, it creates services that are. If an administrator uses NSSM to install a service with a path like C:\Program Files\MyApp\app.exe, and C:\Program Files\MyApp is writable by a non-admin user, an attacker can replace app.exe with a malicious binary.
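A defender-side audit for the condition described above, as an added example that is not part of the original page or of NSSM itself: it lists services that carry NSSM's Parameters\Application registry value and flags any whose target executable or directory grants write access to well-known non-admin groups, together with the account each service runs as. The SID list, the rights mask and the function name Test-LowPrivWritable are choices made for this example.

```powershell
# Added audit example (not NSSM's own tooling). Run from an elevated prompt.
# Assumption: a service is NSSM-managed if it has a Parameters\Application value,
# which is where NSSM records the wrapped program.
$svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Well-known non-admin principals, matched by SID so the check is locale independent:
# Everyone, Authenticated Users, BUILTIN\Users, INTERACTIVE
$lowPrivSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545', 'S-1-5-4'

# Only bits that allow replacing or tampering with the target. Modify and
# FullControl are deliberately not named: they include read bits and would
# match the normal ReadAndExecute grant. 0x50000000 = GENERIC_WRITE | GENERIC_ALL.
$writeBits = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership' -bor 0x50000000

function Test-LowPrivWritable([string]$Path) {
    # Relative or missing targets cannot be checked here; report them as not writable.
    if (-not $Path -or -not (Test-Path -LiteralPath $Path)) { return $false }
    $acl   = Get-Acl -LiteralPath $Path
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($r in $rules) {
        if ($r.AccessControlType -eq 'Allow' -and
            $lowPrivSids -contains $r.IdentityReference.Value -and
            ([int]$r.FileSystemRights -band $writeBits)) { return $true }
    }
    return $false
}

Get-ChildItem $svcRoot -ErrorAction SilentlyContinue | ForEach-Object {
    $params = Get-ItemProperty -Path "$($_.PSPath)\Parameters" -Name Application -ErrorAction SilentlyContinue
    if (-not $params.Application) { return }   # not an NSSM-style service, skip it
    $svc = Get-ItemProperty -Path $_.PSPath
    [pscustomobject]@{
        Service     = $_.PSChildName
        Account     = $svc.ObjectName           # LocalSystem here raises the impact
        Application = $params.Application
        ExeWritable = Test-LowPrivWritable $params.Application
        DirWritable = Test-LowPrivWritable (Split-Path -Parent $params.Application)
    }
} | Format-Table -AutoSize
```

Any row with ExeWritable or DirWritable set to True needs its ACL tightened so that only administrators and the service account can modify the target.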
Avoid running services as LocalSystem unless absolutely necessary. Instead, create a or a dedicated low-privilege user account with only the specific permissions required to run that application.

4. Upgrade and Monitor
Although NSSM (Non-Sucking Service Manager) is a legitimate tool used to run any executable as a Windows service, it is frequently exploited for local privilege escalation (LPE).
An attacker could exploit this vulnerability by creating or modifying a service configuration in a way that NSSM would execute a command or load a DLL with elevated privileges. This could be achieved through specially crafted service definitions that are then processed by NSSM.
High
Attack Vector: Local
Privileges Required: Low-privileged user (Authenticated, non-admin)
User Interaction: None