ByteOS Network

NVD Vulnerability Details :

CVE-2016-20056

Deferred

Source-disclosure@vulncheck.com

Published At-04 Apr, 2026 | 14:16

Updated At-16 Apr, 2026 | 16:15

Spy Emergency build 23.0.205 contains an unquoted service path vulnerability in the SpyEmrgHealth and SpyEmrgSrv services that allows local attackers to escalate privileges by inserting malicious executables. Attackers can place executable files in the unquoted service path and trigger service restart or system reboot to execute code with LocalSystem privileges.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	8.5	HIGH	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary	3.1	7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 4.0

Base score: 8.5

Base severity: HIGH

Vector:

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Primary

Version: 3.1

Base score: 7.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses

CWE ID	Type	Source
CWE-428	Primary	disclosure@vulncheck.com

CWE ID: CWE-428

Type: Primary

Source: disclosure@vulncheck.com

References

Hyperlink	Source	Resource
http://www.spy-emergency.com/	disclosure@vulncheck.com	N/A
http://www.spy-emergency.com/download/download.php?id=1	disclosure@vulncheck.com	N/A
https://www.exploit-db.com/exploits/40550	disclosure@vulncheck.com	N/A
https://www.vulncheck.com/advisories/spy-emergency-build-unquoted-service-path-privilege-escalation	disclosure@vulncheck.com	N/A