CVE-2016-20092
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
NetDrive version 2.6.12 contains an unquoted service path vulnerability in the Netdrive2_Service_Netdrive2 service that allows local users to execute arbitrary code with SYSTEM privileges. Attackers can insert malicious executables in the system root path that will be executed during service startup or system reboot.
Risk Assessment
This vulnerability poses a risk of privilege escalation, potentially allowing unauthorized users to gain control over the system. This could lead to serious security implications for the organization.
Recommendation
It is recommended to update NetDrive to the latest version to mitigate this vulnerability. Additionally, monitoring and restricting access to system paths should be implemented to prevent the introduction of malicious software.
Original NVD description (English source)
NetDrive 2.6.12 contains an unquoted service path vulnerability in the Netdrive2_Service_Netdrive2 service that allows local users to execute arbitrary code with SYSTEM privileges. Attackers can insert malicious executables in the system root path that will be executed during service startup or system reboot, resulting in privilege escalation.

