CVE-2016-20058

EUVD-2016-10865
Netgate AMITI Antivirus build 23.0.305 contains an unquoted service path vulnerability in the AmitiAvSrv and AmitiAntivirusHealth services that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted service path and trigger service restart or system reboot to execute code with LocalSystem privileges.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
netgateamiti_antivirus
𝑥
≤ 23.0.305
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.netgate.sk/
http://www.netgate.sk/download/download.php?id=11
https://www.exploit-db.com/exploits/40540
https://www.vulncheck.com/advisories/netgate-amiti-antivirus-build-unquoted-service-path-privilege-escalation