CVE-2024-58315 – Tosibox Key Service 3.3.0 has an unquoted servi... (How to Fix)

Q: What is the severity of CVE-2024-58315?

CVE-2024-58315 has a CVSS score of 7.8 (HIGH). Tosibox Key Service 3.3.0 has an unquoted service path vulnerability that allows local non-privileged users to execute arbitrary code with SYSTEM privileges. Attackers can place malicious executables in the service path to gain elevated access during service startup or system reboot. This affects systems running Tosibox Key Service 3.3.0 on Windows.

📋 TL;DR

Tosibox Key Service 3.3.0 has an unquoted service path vulnerability that allows local non-privileged users to execute arbitrary code with SYSTEM privileges. Attackers can place malicious executables in the service path to gain elevated access during service startup or system reboot. This affects systems running Tosibox Key Service 3.3.0 on Windows.

💻 Affected Systems

Products:

Tosibox Key Service

Versions: 3.3.0

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects Windows systems where Tosibox Key Service is installed with an unquoted service path.

📦 What is this software?

Tosibox Key by Tosi

View all CVEs affecting Tosibox Key →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local attacker gains full SYSTEM privileges, enabling complete system compromise, data theft, persistence mechanisms, and lateral movement within the network.

🟠

Likely Case

Local user escalates privileges to SYSTEM level, allowing installation of malware, credential harvesting, and bypassing security controls.

🟢

If Mitigated

Attack is prevented through proper service configuration, path restrictions, or privilege separation, limiting impact to unauthorized code execution attempts.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local access to the system.

🏢 Internal Only: HIGH - Any local user (including low-privileged accounts) can potentially exploit this to gain SYSTEM privileges on affected systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires local access but is straightforward once access is obtained. Public proof-of-concept details are available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: https://www.tosi.net/

Restart Required: Yes

Instructions:

1. Check Tosibox website for security updates. 2. If patch is available, download and install. 3. Restart the Tosibox Key Service. 4. Verify service path is properly quoted.

🔧 Temporary Workarounds

Quote Service Path

windows

Modify the Tosibox Key Service to use a quoted service path in Windows Registry

sc config "Tosibox Key Service" binPath= "\"C:\Program Files\Tosibox\KeyService.exe\""

Restrict Write Permissions

windows

Remove write permissions for non-administrative users on directories in the service path

icacls "C:\Program Files\Tosibox" /deny Users:(OI)(CI)W

🧯 If You Can't Patch

Implement strict access controls to limit local user access to affected systems
Monitor for suspicious service modifications and unauthorized executable creation in system paths

🔍 How to Verify

Check if Vulnerable:

Check if Tosibox Key Service 3.3.0 is installed and verify service path is unquoted using: sc qc "Tosibox Key Service"

Check Version:

Check installed version in Programs and Features or via registry: reg query "HKLM\SOFTWARE\Tosibox" /v Version

Verify Fix Applied:

Verify service path is properly quoted and no unauthorized executables exist in the service path directories

📡 Detection & Monitoring

Log Indicators:

Unexpected service restarts of Tosibox Key Service
Creation of executables in system paths by non-privileged users
Failed privilege escalation attempts in security logs

Network Indicators:

Unusual outbound connections from Tosibox Key Service process
Lateral movement attempts from affected system

SIEM Query:

EventID=4688 AND ProcessName="Tosibox*" AND SubjectUserName NOT IN ("SYSTEM", "Administrator")

📊 Metadata

CVE ID: CVE-2024-58315

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-428

EPSS Score: 0.01% exploit probability (2.3th percentile)

Published: December 30, 2025

Last Updated: January 16, 2026

🔗 References

https://packetstormsecurity.com/files/177260/ Third Party Advisory
https://www.tosi.net/ Product
https://www.vulncheck.com/advisories/tosibox-key-service-local-privilege-escalation-via-unquoted-service-path Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5812.php Exploit,Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5812.php Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-58315, you might also want to check these: