Search criteria Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.

1 vulnerability by Hotspotshield

CVE-2016-20060 (GCVE-0-2016-20060)

Vulnerability from cvelistv5 – Published: 2026-04-04 13:51 – Updated: 2026-04-04 19:59
VLAI?
Title
Hotspot Shield 6.0.3 Unquoted Service Path Privilege Escalation
Summary
Hotspot Shield 6.0.3 contains an unquoted service path vulnerability in the hshld service binary that allows local attackers to escalate privileges by injecting malicious executables. Attackers can place executable files in the service path and upon service restart or system reboot, the malicious code executes with LocalSystem privileges.
Severity ?
8.5 (High)
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-428 - Unquoted Search Path or Element
Assigner
References
Impacted products
Vendor Product Version
Hotspotshield Hotspot Shield Affected: 6.0.3
Create a notification for this product.
Date Public ?
2016-10-13 00:00
Credits
Amir.ght
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "product": "Hotspot Shield",
          "vendor": "Hotspotshield",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.3"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:pango:hotspot_shield:6.0.3:*:*:*:*:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Amir.ght"
        }
      ],
      "datePublic": "2016-10-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Hotspot Shield 6.0.3 contains an unquoted service path vulnerability in the hshld service binary that allows local attackers to escalate privileges by injecting malicious executables. Attackers can place executable files in the service path and upon service restart or system reboot, the malicious code executes with LocalSystem privileges."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS"
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-428",
              "description": "Unquoted Search Path or Element",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-04T19:59:48.853Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "ExploitDB-40528",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/40528"
        },
        {
          "name": "Official Product Homepage",
          "tags": [
            "product"
          ],
          "url": "https://www.hotspotshield.com"
        },
        {
          "name": "Product Reference",
          "tags": [
            "product"
          ],
          "url": "https://www.hotspotshield.com/download/"
        },
        {
          "name": "VulnCheck Advisory: Hotspot Shield 6.0.3 Unquoted Service Path Privilege Escalation",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/hotspot-shield-unquoted-service-path-privilege-escalation"
        }
      ],
      "title": "Hotspot Shield 6.0.3 Unquoted Service Path Privilege Escalation",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2016-20060",
    "datePublished": "2026-04-04T13:51:04.326Z",
    "dateReserved": "2026-04-04T13:43:09.305Z",
    "dateUpdated": "2026-04-04T19:59:48.853Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}