NCPA Windows Unquoted Service Path Enumeration

[WVUhealth]

Had a security finding on Windows systems about the NCPA agent having spaces in the path not double quoted.
Requesting the installer use double quotes when it sets the service path.
Below is the issue and resolution.

Description
Note that this is a generic test that will flag any application affected by the described vulnerability.
The remote Windows host has at least one service installed that uses an unquoted service path, which contains at least one whitespace.
A local attacker can gain elevated privileges by inserting an executable file in the path of the affected service.

Output
Nessus found the following service with an untrusted path :
NCPA : C:\Program Files\Nagios\NCPA\ncpa.exe

Solution
Ensure that any services that contain a space in the path enclose the path in quotes.

Instructions from https://isgovern.com/blog/how-to-fix-th ... erability/

Run the Registry Editor as an administrator
Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NCPA
Click on the ‘ImagePath’ line on the right side of the panel and edit the path.
"C:\Program Files\Nagios\NCPA\ncpa.exe"

Effect will be seen in the system Service NCPA , but I did a reboot to validate.

One note to add. I tired to do this via the service control sc front end in a dos box but it did not do anything

You can query the current configuration using:
sc qc NCPA
sc config NCPA binPath= "C:\Program Files\Nagios\NCPA\ncpa.exe"

I did give NCPA a description.
sc description NCPA "Nagios Cross Platform Agent"

[phred]

Hey @WVUhealth

Thanks you for bringing this to our attention. We will look into it.

Can you tell me which version of NCPA you are using?

Thanks, Phred

[bbahn]

Hello @WVUhealth,

I have taken a look at this and have made an issue and MR resolving the vulnerability.

Thank you for finding and bringing this to our attention.