CVE-2016-20091 in Windows Firewall Controlinfo

Summary

by MITRE • 06/19/2026

Windows Firewall Control 4.8.6.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by inserting malicious executables in the service path. Attackers can place executable files in unquoted path directories that the wfcs.exe service will execute with LocalSystem privileges upon service restart or system reboot.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsible

VulnCheck

Reservation

06/19/2026

Disclosure

06/19/2026

Moderation

accepted

Entry

VDB-372390

CPE

ready

CWE

CWE-428 (confirmed)

Exploit

Download

CVSS

7.8 (CNA)

EPSS

0.00000

KEV

Activities

low

Sector

Pharma, Hospital, ...

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-20091
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-20091
CVE Details	https://www.cvedetails.com/cve/CVE-2016-20091/

◂ Previous Overview Next ▸

Do you know our Splunk app?

Download it now for free!