CVE-2016-20087
Received - Intake
Fortitude HTTP Unquoted Service Path Privilege Escalation

Publication date: 2026-06-19

Last updated on: 2026-06-19

Assigner: VulnCheck

Description
Fortitude HTTP 1.0.4.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated privileges by exploiting the service binary path. Attackers can insert malicious executables in the system root path that execute with SYSTEM privileges during service startup or system reboot.
Meta Information
Published: 2026-06-19
Last Modified: 2026-06-19
Generated: 2026-06-19
AI Q&A: 2026-06-19
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 2 associated CPEs

Vendor      Product         Version / Range
fortitude   fortitude_http  1.0.4.0
networkdls  fortitude_http  up to 1.0.4.2 (exclusive)

CWE ID: CWE-428
Description: The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

Impact Analysis

This vulnerability can allow a local, authorized but non-privileged user to escalate their privileges to SYSTEM level on the affected machine.

By exploiting the unquoted service path, an attacker can execute arbitrary code with the highest system privileges during service startup or system reboot, potentially leading to full system compromise.

Executive Summary

CVE-2016-20087 is an unquoted service path vulnerability in Fortitude HTTP version 1.0.4.0 and earlier. This flaw allows local users to execute arbitrary code with elevated SYSTEM privileges by exploiting the way the service binary path is handled.

Because the service path is unquoted, an attacker can place a malicious executable with a crafted name in the system root path. When the Fortitude HTTP service starts or the system reboots, this malicious executable is run with SYSTEM privileges, enabling privilege escalation and arbitrary code execution.

Detection Guidance

This vulnerability involves an unquoted service path for the Fortitude HTTP service, which runs with SYSTEM privileges. To detect it on your system, check whether the service's binary path contains spaces and is not enclosed in quotes, a combination that may allow privilege escalation.

A common method is to query the service executable path using Windows command line tools and inspect if the path is unquoted and contains spaces.

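  • Use the command: sc qc "Fortitude HTTP" - This displays the service configuration, including the binary path (the BINARY_PATH_NAME field).
  • Use PowerShell to get the ImagePath: Get-WmiObject win32_service | Where-Object {$_.Name -eq 'Fortitude HTTP'} | Select-Object Name, PathName
  • Check if the PathName contains spaces and is not enclosed in quotes.

Both commands match on the service name. If nothing is returned, the service may be registered under a short name that differs from its display name, so match on the DisplayName property instead.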

If the service path is unquoted and contains spaces, it indicates the presence of this vulnerability.
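
The check above can be scripted. The following is an added example, not code from the advisory or the vendor: it goes beyond the single Fortitude HTTP service and audits every Win32 service for an unquoted path with spaces, then reports any file already sitting at a location Windows would try before the real binary. The function names and sample paths are constructed for illustration.

```powershell
# Added example: audit services for unquoted ImagePath values (CWE-428).
# Function names and sample paths are assumptions of this example.

function Get-ExecutablePart {
    param([string]$PathName)
    # Executable portion of an unquoted ImagePath: everything through the first ".exe".
    # Paths that do not end in .exe are not evaluated by this sketch.
    if ($PathName -match '^(?<exe>.+?\.exe)(\s|$)') { return $Matches['exe'] }
    return $null
}

function Test-UnquotedServicePath {
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $false }
    $p = $PathName.Trim()
    if ($p.StartsWith('"')) { return $false }   # already quoted
    $exe = Get-ExecutablePart $p
    # Flag only when the executable path itself, not just its arguments, has a space.
    return ($null -ne $exe -and $exe.Contains(' '))
}

function Get-InterceptCandidates {
    param([string]$ExePath)
    # Locations Windows tries first: each space-delimited prefix with ".exe" appended.
    $parts = $ExePath -split ' '
    for ($i = 1; $i -lt $parts.Count; $i++) {
        ($parts[0..($i - 1)] -join ' ') + '.exe'
    }
}

# Constructed sample values (not from the advisory) showing the classification.
$samples = 'C:\Program Files\Example App\svc.exe -run',
           '"C:\Program Files\Example App\svc.exe" -run',
           'C:\Windows\System32\svchost.exe -k netsvcs'
$samples | ForEach-Object { '{0,-5} {1}' -f (Test-UnquotedServicePath $_), $_ }

# Live audit of all services on this host.
Get-CimInstance -ClassName Win32_Service |
    Where-Object { Test-UnquotedServicePath $_.PathName } |
    ForEach-Object {
        $exe = Get-ExecutablePart $_.PathName.Trim()
        [pscustomobject]@{
            Name        = $_.Name
            StartName   = $_.StartName
            PathName    = $_.PathName
            # Any file found at these locations deserves investigation.
            FoundOnDisk = @(Get-InterceptCandidates $exe |
                            Where-Object { Test-Path -LiteralPath $_ })
        }
    }
```

A service listed with StartName LocalSystem and an empty FoundOnDisk is misconfigured but shows no file at the intermediate locations; a non-empty FoundOnDisk should be treated as a possible compromise.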

Mitigation Strategies

To mitigate this vulnerability, you should immediately correct the service path by enclosing it in quotes to prevent execution of malicious executables placed in the system root path.

Alternatively, update Fortitude HTTP to a version later than 1.0.4.0 where this vulnerability is fixed, such as version 1.0.4.2 or later.

As a temporary measure, restrict local user permissions to prevent unauthorized users from placing executables in system directories.

Also, monitor and audit the system root and service directories for any suspicious executable files.

Finally, consider rebooting the system after applying fixes to ensure no malicious code executes during service startup.

Compliance Impact

The provided context and resources do not contain information regarding the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
