Description
Netgate AMITI Antivirus build 23.0.305 contains an unquoted service path vulnerability in the AmitiAvSrv and AmitiAntivirusHealth services that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted service path and trigger service restart or system reboot to execute code with LocalSystem privileges.
Published: 2026-04-04
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

An unquoted service path flaw in the AmitiAvSrv and AmitiAntivirusHealth services of Netgate AMITI Antivirus build 23.0.305 allows a local attacker with write access to the file system to place a malicious executable along the unquoted path. When the service is restarted or the system reboots, Windows resolves the unquoted path and executes the attacker–supplied file with LocalSystem privileges, effectively escalating the attacker’s rights. This weakness corresponds to CWE‑428, which describes the risk arising from improper construction of executable paths that may be interpreted incorrectly by the operating system.

Affected Systems

The vulnerability affects Netgate AMITI Antivirus build 23.0.305. No other product versions are listed as impacted in the advisory.

Risk and Exploitability

The CVSS score of 8.5 indicates high severity for a local privilege escalation. Exploitation requires a local user to write to the installation directory and to trigger a service restart or system reboot. Because the EPSS score is not available and the vulnerability is not catalogued in the CISA KEV list, the public exploit risk is uncertain but the impact remains significant if the conditions are met. Until a vendor patch is applied, systems remain at risk from this local attack vector.

Generated by OpenCVE AI on April 4, 2026 at 17:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check for and install any Netgate update or patch that corrects the unquoted service path issue.
  • If a patch is unavailable, restrict local users from restarting the AmitiAvSrv and AmitiAntivirusHealth services or rebooting the system until a fix is applied.
  • Modify the service registration to enclose the executable path in quotes, ensuring the operating system interprets it correctly before a restart or reboot.

Generated by OpenCVE AI on April 4, 2026 at 17:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 13:30:00 +0000

Type Values Removed Values Added
First Time appeared Netgate amiti Antivirus
CPEs cpe:2.3:a:netgate:amiti_antivirus:*:*:*:*:*:*:*:*
Vendors & Products Netgate amiti Antivirus

Tue, 07 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
First Time appeared Netgate
Netgate netgate Amiti Antivirus
Vendors & Products Netgate
Netgate netgate Amiti Antivirus

Mon, 06 Apr 2026 20:00:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Sat, 04 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description Netgate AMITI Antivirus build 23.0.305 contains an unquoted service path vulnerability in the AmitiAvSrv and AmitiAntivirusHealth services that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted service path and trigger service restart or system reboot to execute code with LocalSystem privileges.
Title Netgate AMITI Antivirus build 23.0.305 Unquoted Service Path Privilege Escalation
Weaknesses CWE-428
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Netgate Amiti Antivirus Netgate Amiti Antivirus
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-06T17:52:16.457Z

Reserved: 2026-04-04T13:41:12.280Z

Link: CVE-2016-20058

cve-icon Vulnrichment

Updated: 2026-04-06T17:52:07.396Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-04T14:16:18.390

Modified: 2026-04-27T13:28:30.227

Link: CVE-2016-20058

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-06T21:57:53Z

Weaknesses