CVE-2021-47767
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-15

Last updated on: 2026-01-15

Assigner: VulnCheck

Description
10-Strike Network Inventory Explorer Pro 9.31 contains an unquoted service path vulnerability in the srvInventoryWebServer service running with LocalSystem privileges. Attackers can exploit the unquoted path by placing malicious executables in potential path segments to achieve privilege escalation and execute code with system-level permissions.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-15
Last Modified
2026-01-15
Generated
2026-06-16
AI Q&A
2026-01-16
EPSS Evaluated
2026-06-15
NVD
CVE-2021-47767
EUVD
EUVD-2026-2769
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
10-strike network_inventory_explorer_pro 9.31
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-428 The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an unquoted service path issue in the srvInventoryWebServer service of 10-Strike Network Inventory Explorer Pro 9.31. Because the service executable path contains spaces and is not enclosed in quotes, Windows may incorrectly parse the path and execute a malicious executable placed by an attacker in a higher-level directory. This allows a local attacker to escalate privileges and execute code with system-level permissions. [1]

Impact Analysis

If exploited, this vulnerability allows a local attacker to execute arbitrary code with system-level privileges on the affected machine. This means the attacker can gain full control over the system, potentially leading to unauthorized access, data theft, or disruption of services. [1]

Detection Guidance

This vulnerability can be detected by checking for unquoted service paths in the Windows service configuration, specifically for the 'srvInventoryWebServer' service. You can use Windows Management Instrumentation Command-line (WMIC) and Service Control (sc) commands to identify services with unquoted paths that start automatically but do not reside in the Windows directory. For example, use the command: wmic service get name,pathname,startmode | findstr /i "srvInventoryWebServer" to view the service path. Also, use sc qc srvInventoryWebServer to query the service configuration and check if the executable path is unquoted and contains spaces. [1]

Mitigation Strategies

To mitigate this vulnerability, immediately enclose the service executable path in quotes to prevent Windows from misinterpreting the path and executing malicious executables. Specifically, update the 'srvInventoryWebServer' service configuration to quote the full path to InventoryWebServer.exe. Additionally, restrict write permissions on directories in the service path to prevent attackers from placing malicious executables. Ensure that only trusted administrators have the ability to modify files in these directories. Applying the latest patches or updates from the vendor, if available, is also recommended. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2021-47767. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart