CVE-2016-20091
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
Windows Firewall Control version 4.8.6.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by inserting malicious executables in the service path. Attackers can place executable files in unquoted path directories that the wfcs.exe service will execute with LocalSystem privileges upon service restart or system reboot.
Risk Assessment
This vulnerability poses a risk of privilege escalation, which could allow local attackers to gain control over the system. This may lead to serious security implications for the organization.
Recommendation
It is recommended to update Windows Firewall Control to the latest version to mitigate this vulnerability. Additionally, verify and secure service paths against unauthorized access.
Original NVD description (English source)
Windows Firewall Control 4.8.6.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by inserting malicious executables in the service path. Attackers can place executable files in unquoted path directories that the wfcs.exe service will execute with LocalSystem privileges upon service restart or system reboot.

