CVE-2016-20058
Published: 04 April 2026
Summary
CVE-2016-20058 is a high-severity Unquoted Search Path or Element (CWE-428) vulnerability in Netgate Amiti Antivirus. Its CVSS base score is 8.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 49.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2016-20058 is an unquoted service path vulnerability affecting Netgate AMITI Antivirus build 23.0.305, specifically in the AmitiAvSrv and AmitiAntivirusHealth services. This issue, mapped to CWE-428, allows local attackers to escalate privileges by exploiting the lack of quotes around the service binary path in the Windows registry. The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high impact with low complexity and requiring only local access and low privileges.
Local attackers with existing low-privilege access on the system can exploit this by placing a malicious executable in a directory that precedes the legitimate service binary in the system's PATH search order. By triggering a service restart or system reboot, the malicious executable executes with LocalSystem privileges, potentially granting full control over the system, including high confidentiality, integrity, and availability impacts.
Advisories and references include a detailed write-up from VulnCheck on the unquoted service path privilege escalation, an exploit published on Exploit-DB (ID 40540), and links to the vendor site at netgate.sk along with a potential download page. No specific patch details are outlined in the provided information, but security practitioners should check vendor resources for updates to affected builds.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2016-10865
Vulnerability details
Netgate AMITI Antivirus build 23.0.305 contains an unquoted service path vulnerability in the AmitiAvSrv and AmitiAntivirusHealth services that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted service path and trigger service restart or…
more
system reboot to execute code with LocalSystem privileges.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Unquoted service path in Windows services directly enables path interception for privilege escalation to LocalSystem.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires timely identification, reporting, and correction of flaws like the unquoted service path in the affected antivirus services to prevent privilege escalation.
Mandates secure configuration settings for system components, including properly quoting service executable paths in the Windows registry to block path hijacking by malicious executables.
Enforces least privilege for processes and services, limiting the privileges obtainable via hijacking the vulnerable antivirus services even if escalation occurs.