CVE-2016-20091 | Windows Firewall Control 4.8.6.0 contains an unquoted servic… | CVSS 7.8 HIGH

Description

Windows Firewall Control 4.8.6.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by inserting malicious executables in the service path. Attackers can place executable files in unquoted path directories that the wfcs.exe service will execute with LocalSystem privileges upon service restart or system reboot.

Metadata

CVE ID: CVE-2016-20091
State: PUBLISHED
Assigner: VulnCheck
Reserved: 2026-06-19 13:22 UTC
Published: 2026-06-19 14:16 UTC
Last updated: 2026-06-19 14:16 UTC
Primary CWE: CWE-428
Unquoted Search Path or Element
Vendor / Product: Binisoft / Windows Firewall Control
Sources: cve.org · NVD

Severity & Metrics

7.8 HIGH CVSS 3.1

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products (1)

Vendor	Product	Platform	Versions
Binisoft	Windows Firewall Control	—	4.8.6.0

Weakness (CWE)

CWE	Source	Description
CWE-428	cna	Unquoted Search Path or Element

CVSS scores (2)

Score	Severity	Version	Source	Vector
8.5	HIGH	4.0	cna	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.8	HIGH	3.1	cna	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References (3)

ExploitDB-40443 https://www.exploit-db.com/exploits/40443
Official Product Homepage http://www.binisoft.org
VulnCheck Advisory: Windows Firewall Control 4.8.6.0 Unquoted Service Path Privilege Escalation https://www.vulncheck.com/advisories/windows-firewall-control-unquoted-service-path-privilege-escalation