CVE-2016-20089
Published: 19 June 2026
Summary
CVE-2016-20089 is a high-severity Unquoted Search Path or Element (CWE-428) vulnerability in Iperiusremote (inferred from references). Its CVSS base score is 8.5 (High).
Operationally, ranked at the 2.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2016-10902
Vulnerability details
Iperius Remote 1.7.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation path. When installed from directories containing spaces, attackers can place malicious executables in the path…
more
to be executed with elevated privileges during service startup or system reboot.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.