CVE-2016-20086
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
Vembu StoreGrid 4.0 contains an unquoted service path vulnerability in the RemoteBackup and RemoteBackup_webServer services that allows local attackers to escalate privileges.
Risk Assessment
Attackers can place a malicious executable in the unquoted path and restart the service to execute code with LocalSystem privileges, posing a serious security threat to the system.
Recommendation
It is recommended to fix the service paths to be properly quoted and to monitor and restrict access to the RemoteBackup and RemoteBackup_webServer services.
Original NVD description (English source)
Vembu StoreGrid 4.0 contains an unquoted service path vulnerability in the RemoteBackup and RemoteBackup_webServer services that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted path and restart the service to execute code with LocalSystem privileges.

