CVE-2016-20087 | Fortitude HTTP 1.0.4.0 contains an unquoted service path vul… | CVSS 7.8 HIGH

Description

Fortitude HTTP 1.0.4.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated privileges by exploiting the service binary path. Attackers can insert malicious executables in the system root path that execute with SYSTEM privileges during service startup or system reboot.

Metadata

CVE ID: CVE-2016-20087
State: PUBLISHED
Assigner: VulnCheck
Reserved: 2026-06-19 13:16 UTC
Published: 2026-06-19 14:16 UTC
Last updated: 2026-06-19 14:16 UTC
Primary CWE: CWE-428
Unquoted Search Path or Element
Vendor / Product: Networkdls / Fortitude HTTP
Sources: cve.org · NVD

Severity & Metrics

7.8 HIGH CVSS 3.1

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products (1)

Vendor	Product	Platform	Versions
Networkdls	Fortitude HTTP	—	1.0.4.0

Weakness (CWE)

CWE	Source	Description
CWE-428	cna	Unquoted Search Path or Element

CVSS scores (2)

Score	Severity	Version	Source	Vector
8.5	HIGH	4.0	cna	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.8	HIGH	3.1	cna	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References (4)

ExploitDB-40461 https://www.exploit-db.com/exploits/40461
Official Product Homepage http://www.networkdls.com/
Product Reference http://www.networkdls.com/Software/View/Fortitude_HTTP
VulnCheck Advisory: Fortitude HTTP 1.0.4.0 Unquoted Service Path Elevation of Privilege https://www.vulncheck.com/advisories/fortitude-http-unquoted-service-path-elevation-of-privilege