CVE-2021-47739
Unknown Unknown - Not Provided
Unquoted Service Path in Epic Games Easy Anti-Cheat Allows Privilege Escalation

Publication date: 2025-12-23

Last updated on: 2025-12-23

Assigner: VulnCheck

Description
Epic Games Easy Anti-Cheat 4.0 contains an unquoted service path vulnerability that allows local non-privileged users to execute arbitrary code with elevated system privileges. Attackers can exploit the service configuration by inserting malicious code in the system root path that would execute with LocalSystem privileges during application startup.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-23
Last Modified
2025-12-23
Generated
2026-06-16
AI Q&A
2025-12-23
EPSS Evaluated
2026-06-15
NVD
CVE-2021-47739
EUVD
EUVD-2025-204818
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
epic_games easy_anti_cheat 4.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-428 The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2021-47739 is a local privilege escalation vulnerability in Epic Games Easy Anti-Cheat 4.0 caused by an unquoted service path. This means that the Windows service for Easy Anti-Cheat has a misconfigured file path without quotes, allowing a local non-privileged user to place malicious executables in certain directories. When the service starts or the system reboots, the operating system may execute the malicious code with elevated LocalSystem privileges, effectively allowing the attacker to run arbitrary code with high system privileges. [1, 3, 5]

Impact Analysis

If exploited, this vulnerability allows a local non-privileged user to execute arbitrary code with elevated system privileges (LocalSystem). This can lead to full system compromise, unauthorized access, and control over the affected machine. Attackers could install malware, steal sensitive data, or disrupt system operations by leveraging the elevated privileges gained through this vulnerability. [1, 3, 5]

Detection Guidance

This vulnerability can be detected by checking the service path of the Easy Anti-Cheat service for unquoted spaces. On a Windows system, you can use the command: sc qc EasyAntiCheat. If the binary path contains spaces and is not enclosed in quotes, the system is vulnerable. Additionally, you can inspect the service configuration in the registry or use tools that enumerate unquoted service paths to identify this issue. [1, 3, 5]

Mitigation Strategies

Immediate mitigation steps include correcting the service path by enclosing it in quotes to prevent the operating system from misinterpreting the path and executing malicious code. Alternatively, restrict write permissions on directories in the service path to prevent unauthorized users from placing malicious executables. Since no official patch or vendor fix is mentioned, these configuration changes and permission restrictions are the recommended immediate actions. [1, 3, 5]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2021-47739. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart