{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2016-20058", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-04-04T13:41:12.280Z", "datePublished": "2026-04-04T13:51:01.284Z", "dateUpdated": "2026-04-06T17:52:16.457Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-04T19:59:47.374Z"}, "datePublic": "2016-10-17T00:00:00.000Z", "title": "Netgate AMITI Antivirus build 23.0.305 Unquoted Service Path Privilege Escalation", "descriptions": [{"lang": "en", "value": "Netgate AMITI Antivirus build 23.0.305 contains an unquoted service path vulnerability in the AmitiAvSrv and AmitiAntivirusHealth services that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted service path and trigger service restart or system reboot to execute code with LocalSystem privileges."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Unquoted Search Path or Element", "cweId": "CWE-428", "type": "CWE"}]}], "affected": [{"vendor": "Netgate", "product": "NETGATE AMITI Antivirus", "versions": [{"version": "23.0.305", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 8.5, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/40540", "name": "ExploitDB-40540", "tags": ["exploit"]}, {"url": "http://www.netgate.sk/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "http://www.netgate.sk/download/download.php?id=11", "name": "Product Reference", "tags": ["product"]}, {"name": "VulnCheck Advisory: Netgate AMITI Antivirus build 23.0.305 Unquoted Service Path Privilege Escalation", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/netgate-amiti-antivirus-build-unquoted-service-path-privilege-escalation"}], "credits": [{"lang": "en", "value": "Amir.ght", "type": "finder"}], "x_generator": {"engine": "vulncheck"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-06T17:51:28.349035Z", "id": "CVE-2016-20058", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T17:52:16.457Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2016-20058", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-06T17:51:28.349035Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T17:52:07.396Z"}}], "cna": {"title": "Netgate AMITI Antivirus build 23.0.305 Unquoted Service Path Privilege Escalation", "credits": [{"lang": "en", "type": "finder", "value": "Amir.ght"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.5, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Netgate", "product": "NETGATE AMITI Antivirus", "versions": [{"status": "affected", "version": "23.0.305"}]}], "datePublic": "2016-10-17T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/40540", "name": "ExploitDB-40540", "tags": ["exploit"]}, {"url": "http://www.netgate.sk/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "http://www.netgate.sk/download/download.php?id=11", "name": "Product Reference", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/netgate-amiti-antivirus-build-unquoted-service-path-privilege-escalation", "name": "VulnCheck Advisory: Netgate AMITI Antivirus build 23.0.305 Unquoted Service Path Privilege Escalation", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "Netgate AMITI Antivirus build 23.0.305 contains an unquoted service path vulnerability in the AmitiAvSrv and AmitiAntivirusHealth services that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted service path and trigger service restart or system reboot to execute code with LocalSystem privileges."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-428", "description": "Unquoted Search Path or Element"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-04T19:59:47.374Z"}}}, "cveMetadata": {"cveId": "CVE-2016-20058", "state": "PUBLISHED", "dateUpdated": "2026-04-06T17:52:16.457Z", "dateReserved": "2026-04-04T13:41:12.280Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-04-04T13:51:01.284Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netgate:amiti_antivirus:*:*:*:*:*:*:*:*", "matchCriteriaId": "1093AC55-C8AD-4473-8B44-F67ECDAC72D4", "versionEndIncluding": "23.0.305", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Netgate AMITI Antivirus build 23.0.305 contains an unquoted service path vulnerability in the AmitiAvSrv and AmitiAntivirusHealth services that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted service path and trigger service restart or system reboot to execute code with LocalSystem privileges."}], "id": "CVE-2016-20058", "lastModified": "2026-04-27T13:28:30.227", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-04-04T14:16:18.390", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Product"], "url": "http://www.netgate.sk/"}, {"source": "disclosure@vulncheck.com", "tags": ["Product"], "url": "http://www.netgate.sk/download/download.php?id=11"}, {"source": "disclosure@vulncheck.com", "tags": ["Exploit", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/40540"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://www.vulncheck.com/advisories/netgate-amiti-antivirus-build-unquoted-service-path-privilege-escalation"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-428"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "23.0.305"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "NETGATE AMITI Antivirus", "source": "cna", "vendor": "Netgate"}, "product": "netgate_amiti_antivirus", "vendor": "netgate"}], "analysis": {"en": {"generated_at": "2026-04-04T17:53:35.883109+00:00", "value": {"mitigation_remediation": ["Check for and install any Netgate update or patch that corrects the unquoted service path issue.", "If a patch is unavailable, restrict local users from restarting the AmitiAvSrv and AmitiAntivirusHealth services or rebooting the system until a fix is applied.", "Modify the service registration to enclose the executable path in quotes, ensuring the operating system interprets it correctly before a restart or reboot."], "summary": {"action": "Immediate Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Netgate AMITI Antivirus build 23.0.305. No other product versions are listed as impacted in the advisory.", "description_and_impact": "An unquoted service path flaw in the AmitiAvSrv and AmitiAntivirusHealth services of Netgate AMITI Antivirus build 23.0.305 allows a local attacker with write access to the file system to place a malicious executable along the unquoted path. When the service is restarted or the system reboots, Windows resolves the unquoted path and executes the attacker\u2013supplied file with LocalSystem privileges, effectively escalating the attacker\u2019s rights. This weakness corresponds to CWE\u2011428, which describes the risk arising from improper construction of executable paths that may be interpreted incorrectly by the operating system.", "risk_and_exploitability": "The CVSS score of 8.5 indicates high severity for a local privilege escalation. Exploitation requires a local user to write to the installation directory and to trigger a service restart or system reboot. Because the EPSS score is not available and the vulnerability is not catalogued in the CISA KEV list, the public exploit risk is uncertain but the impact remains significant if the conditions are met. Until a vendor patch is applied, systems remain at risk from this local attack vector."}}}}, "created": "2026-04-06T20:27:18.647976+00:00", "updated": "2026-04-06T21:57:53.446776+00:00", "vendors": ["netgate", "netgate$PRODUCT$netgate_amiti_antivirus"]}