CVE-2016-20056
Received Received - Intake
Unquoted Service Path Vulnerability in Spy Emergency Enables Privilege Escalation

Publication date: 2026-04-04

Last updated on: 2026-04-04

Assigner: VulnCheck

Description
Spy Emergency build 23.0.205 contains an unquoted service path vulnerability in the SpyEmrgHealth and SpyEmrgSrv services that allows local attackers to escalate privileges by inserting malicious executables. Attackers can place executable files in the unquoted service path and trigger service restart or system reboot to execute code with LocalSystem privileges.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-04
Last Modified
2026-04-04
Generated
2026-06-16
AI Q&A
2026-04-04
EPSS Evaluated
2026-06-15
NVD
CVE-2016-20056
EUVD
EUVD-2016-10863
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
netgate spy_emergency 23.0.205
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-428 The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify how the unquoted service path vulnerability in Spy Emergency build 23.0.205 directly affects compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2016-20056 is an unquoted service path vulnerability found in Spy Emergency build 23.0.205, specifically affecting the SpyEmrgHealth and SpyEmrgSrv services.

Because the service paths are not enclosed in quotes, local attackers can place malicious executable files in directories along the service path.

When the affected services are restarted or the system reboots, these malicious executables can be executed with LocalSystem privileges, allowing attackers to escalate their privileges on the system.

Impact Analysis

This vulnerability allows a local attacker with low privileges to escalate their privileges to LocalSystem level, which is the highest level of privilege on a Windows system.

By exploiting the unquoted service path, an attacker can execute arbitrary code with elevated privileges during service restart or system reboot.

This can lead to full system compromise, including unauthorized access to sensitive data, modification or deletion of files, and disruption of system availability.

Detection Guidance

This vulnerability can be detected by checking the service paths of the SpyEmrgHealth and SpyEmrgSrv services for unquoted paths that contain spaces. Unquoted service paths allow attackers to place malicious executables in directories along the path.

On a Windows system, you can use the following command to check the service binary paths for unquoted spaces:

  • sc qc SpyEmrgHealth
  • sc qc SpyEmrgSrv

If the output shows the ImagePath with spaces but without surrounding quotes, the service is vulnerable. For example, a path like C:\Program Files\NETGATE\Spy Emergency\SpyEmrgSrv.exe without quotes indicates the vulnerability.

Mitigation Strategies

To mitigate this vulnerability, immediately update the service paths to include quotes around the executable paths to prevent execution of malicious files placed in the path.

Alternatively, you can move the service executables to a path without spaces or restrict write permissions on directories in the service path to prevent attackers from placing malicious executables.

Additionally, restarting the affected services or rebooting the system after applying these changes will ensure that the vulnerability is not exploitable.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2016-20056. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart