CVE-2021-47739
Unquoted Service Path in Epic Games Easy Anti-Cheat Allows Privilege Escalation
Publication date: 2025-12-23
Last updated on: 2025-12-23
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| epic_games | easy_anti_cheat | 4.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2021-47739 is a local privilege escalation vulnerability in Epic Games Easy Anti-Cheat 4.0 caused by an unquoted service path. This means that the Windows service for Easy Anti-Cheat has a misconfigured file path without quotes, allowing a local non-privileged user to place malicious executables in certain directories. When the service starts or the system reboots, the operating system may execute the malicious code with elevated LocalSystem privileges, effectively allowing the attacker to run arbitrary code with high system privileges. [1, 3, 5]
How can this vulnerability impact me? :
If exploited, this vulnerability allows a local non-privileged user to execute arbitrary code with elevated system privileges (LocalSystem). This can lead to full system compromise, unauthorized access, and control over the affected machine. Attackers could install malware, steal sensitive data, or disrupt system operations by leveraging the elevated privileges gained through this vulnerability. [1, 3, 5]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking the service path of the Easy Anti-Cheat service for unquoted spaces. On a Windows system, you can use the command: sc qc EasyAntiCheat. If the binary path contains spaces and is not enclosed in quotes, the system is vulnerable. Additionally, you can inspect the service configuration in the registry or use tools that enumerate unquoted service paths to identify this issue. [1, 3, 5]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include correcting the service path by enclosing it in quotes to prevent the operating system from misinterpreting the path and executing malicious code. Alternatively, restrict write permissions on directories in the service path to prevent unauthorized users from placing malicious executables. Since no official patch or vendor fix is mentioned, these configuration changes and permission restrictions are the recommended immediate actions. [1, 3, 5]