CVE-2016-20057
Unquoted Service Path Vulnerability in NETGATE Registry Cleaner Enables Privilege Escalation
Publication date: 2026-04-04
Last updated on: 2026-04-20
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| netgate | registry_cleaner | to 16.0.205 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows local attackers to escalate privileges to LocalSystem by exploiting an unquoted service path, potentially enabling unauthorized access to sensitive system functions and data.
Such unauthorized privilege escalation can lead to violations of security requirements mandated by common standards and regulations like GDPR and HIPAA, which require strict controls on access to sensitive data and system integrity.
If exploited, this vulnerability could result in unauthorized disclosure, modification, or destruction of protected information, thereby impacting compliance with these regulations.
Can you explain this vulnerability to me?
The vulnerability in NETGATE Registry Cleaner build 16.0.205 is an unquoted service path privilege escalation issue in the NGRegClnSrv service.
Because the service binary path is not enclosed in quotes, a local attacker can place a malicious executable in a directory path that Windows parses before the legitimate service executable.
When the service restarts or the system reboots, Windows may execute the malicious executable instead of the intended one.
Since the service runs with LocalSystem privileges, this allows the attacker to escalate their privileges to SYSTEM level.
How can this vulnerability impact me? :
This vulnerability allows a local attacker with write access to certain directories to execute arbitrary code with elevated LocalSystem privileges.
The attacker can place a malicious executable in the unquoted service path and trigger its execution by restarting the service or rebooting the system.
As a result, the attacker gains full control over the affected system, potentially leading to unauthorized access, data theft, or system compromise.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking the service configuration for the NGRegClnSrv service to see if the service binary path is unquoted.
You can use the following Windows command to inspect the service configuration and verify if the path is unquoted:
- sc qc NGRegClnSrv
If the binary path shown is not enclosed in quotes, it indicates the presence of the unquoted service path vulnerability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the unquoted service path vulnerability in NETGATE Registry Cleaner build 16.0.205, immediately verify the service binary path configuration using the command: sc qc NGRegClnSrv.
Ensure that the service path is properly quoted to prevent execution of malicious executables placed in directories parsed before the legitimate service executable.
Restrict write permissions on directories in the service path to prevent local attackers from placing malicious executables.
If possible, update or patch the software to a version where this vulnerability is fixed.
As a temporary measure, avoid restarting the NGRegClnSrv service or rebooting the system until the issue is resolved to prevent triggering the exploit.