CVE Catalog

CVE-2016-20086

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.11%

2th percentile - higher than 2% of all known CVEs

Summary

Vembu StoreGrid 4.0 contains an unquoted service path vulnerability in the RemoteBackup and RemoteBackup_webServer services that allows local attackers to escalate privileges.

Risk Assessment

Attackers can place a malicious executable in the unquoted path and restart the service to execute code with LocalSystem privileges, posing a serious security threat to the system.

Recommendation

It is recommended to fix the service paths to be properly quoted and to monitor and restrict access to the RemoteBackup and RemoteBackup_webServer services.

Original NVD description (English source)

Vembu StoreGrid 4.0 contains an unquoted service path vulnerability in the RemoteBackup and RemoteBackup_webServer services that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted path and restart the service to execute code with LocalSystem privileges.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS