CVE Catalog

CVE-2016-20089

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile - higher than 2% of all known CVEs

Summary

Iperius Remote 1.7.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation path. Attackers can place malicious executables in the path to be executed with elevated privileges during service startup or system reboot.

Risk Assessment

This vulnerability poses a serious security risk by allowing local users to gain full system privileges. This could lead to unauthorized access to data and potential attacks on the organization's infrastructure.

Recommendation

It is recommended to update Iperius Remote to the latest version to mitigate this vulnerability. Additionally, avoid installing services in directories that contain spaces.

Original NVD description (English source)

Iperius Remote 1.7.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation path. When installed from directories containing spaces, attackers can place malicious executables in the path to be executed with elevated privileges during service startup or system reboot.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS