CVE-2016-20089
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
Iperius Remote 1.7.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation path. Attackers can place malicious executables in the path to be executed with elevated privileges during service startup or system reboot.
Risk Assessment
This vulnerability poses a serious security risk by allowing local users to gain full system privileges. This could lead to unauthorized access to data and potential attacks on the organization's infrastructure.
Recommendation
It is recommended to update Iperius Remote to the latest version to mitigate this vulnerability. Additionally, avoid installing services in directories that contain spaces.
Original NVD description (English source)
Iperius Remote 1.7.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation path. When installed from directories containing spaces, attackers can place malicious executables in the path to be executed with elevated privileges during service startup or system reboot.

