CVE Catalog

CVE-2016-20092

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile - higher than 2% of all known CVEs

Summary

NetDrive version 2.6.12 contains an unquoted service path vulnerability in the Netdrive2_Service_Netdrive2 service that allows local users to execute arbitrary code with SYSTEM privileges. Attackers can insert malicious executables in the system root path that will be executed during service startup or system reboot.

Risk Assessment

This vulnerability poses a risk of privilege escalation, potentially allowing unauthorized users to gain control over the system. This could lead to serious security implications for the organization.

Recommendation

It is recommended to update NetDrive to the latest version to mitigate this vulnerability. Additionally, monitoring and restricting access to system paths should be implemented to prevent the introduction of malicious software.

Original NVD description (English source)

NetDrive 2.6.12 contains an unquoted service path vulnerability in the Netdrive2_Service_Netdrive2 service that allows local users to execute arbitrary code with SYSTEM privileges. Attackers can insert malicious executables in the system root path that will be executed during service startup or system reboot, resulting in privilege escalation.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS