CVE-2016-20056
Unquoted Service Path Vulnerability in Spy Emergency Enables Privilege Escalation
Publication date: 2026-04-04
Last updated on: 2026-04-04
Assigner: VulnCheck
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| netgate | spy_emergency | 23.0.205 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify how the unquoted service path vulnerability in Spy Emergency build 23.0.205 directly affects compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2016-20056 is an unquoted service path vulnerability found in Spy Emergency build 23.0.205, specifically affecting the SpyEmrgHealth and SpyEmrgSrv services.
Because the service paths are not enclosed in quotes, local attackers can place malicious executable files in directories along the service path.
When the affected services are restarted or the system reboots, these malicious executables can be executed with LocalSystem privileges, allowing attackers to escalate their privileges on the system.
How can this vulnerability impact me?
This vulnerability allows a local attacker with low privileges to escalate their privileges to LocalSystem level, which is the highest level of privilege on a Windows system.
By exploiting the unquoted service path, an attacker can execute arbitrary code with elevated privileges during service restart or system reboot.
This can lead to full system compromise, including unauthorized access to sensitive data, modification or deletion of files, and disruption of system availability.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking the service paths of the SpyEmrgHealth and SpyEmrgSrv services for unquoted paths that contain spaces. Unquoted service paths allow attackers to place malicious executables in directories along the path.
On a Windows system, you can use the following commands to check the service binary paths for unquoted spaces:
- sc qc SpyEmrgHealth
- sc qc SpyEmrgSrv
If the BINARY_PATH_NAME value in the output (the service's ImagePath) contains spaces but is not surrounded by quotes, the service is vulnerable. For example, a path like C:\Program Files\NETGATE\Spy Emergency\SpyEmrgSrv.exe without quotes indicates the vulnerability.
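The same check can be run across every installed service rather than only the two named here. The PowerShell below is an added example, not code from this page or from the vendor; the helper name Test-UnquotedServicePath and the sample strings are assumptions constructed for illustration.

```powershell
# Added example: flag service ImagePath values that are unquoted and contain
# a space inside the executable path (CWE-428).
function Test-UnquotedServicePath {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$PathName)

    $p = $PathName.Trim()
    if ($p.StartsWith('"')) { return $false }      # path is already quoted

    # Keep only the executable portion; a space in the arguments is harmless.
    $m = [regex]::Match($p, '^(.*?\.exe)(\s|$)', 'IgnoreCase')
    if (-not $m.Success) { return $false }         # not a plain .exe path
    return $m.Groups[1].Value.Contains(' ')
}

# Constructed sample values; the first is the path form quoted on this page.
$samples = @(
    'C:\Program Files\NETGATE\Spy Emergency\SpyEmrgSrv.exe',
    '"C:\Program Files\NETGATE\Spy Emergency\SpyEmrgSrv.exe"',
    'C:\Windows\system32\svchost.exe -k netsvcs'
)
foreach ($s in $samples) {
    '{0,-5} {1}' -f (Test-UnquotedServicePath $s), $s
}

# On a Windows host, run the same test against every installed service.
if ($env:OS -eq 'Windows_NT') {
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.PathName -and (Test-UnquotedServicePath $_.PathName) } |
        Select-Object Name, StartName, StartMode, PathName |
        Format-Table -AutoSize -Wrap
}
```

Services reported with a StartName of LocalSystem are the ones to correct first, since that is the privilege level this CVE describes.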
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately update the service paths to include quotes around the executable paths to prevent execution of malicious files placed in the path.
Alternatively, you can move the service executables to a path without spaces or restrict write permissions on directories in the service path to prevent attackers from placing malicious executables.
After applying these changes, restart the affected services or reboot the system so that the services run with the corrected configuration.