CVE-2021-47787
BaseFortify
Publication date: 2026-01-16
Last updated on: 2026-02-09
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| totalav | totalav | 5.15.69 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2021-47787 is an unquoted service path vulnerability in TotalAV version 5.15.69. Multiple system services running with LocalSystem privileges have executable paths that include spaces but lack proper quotation marks. This misconfiguration allows an attacker with local access to place malicious executables in specific unquoted path segments. When the service starts, the system may execute the malicious executable instead of the intended one, potentially granting the attacker SYSTEM-level access and full control over the system. [1, 3]
How can this vulnerability impact me?
This vulnerability can allow a local attacker to escalate their privileges from a low-privileged user to SYSTEM-level access on the affected Windows system. By placing a malicious executable in an unquoted path segment, the attacker can hijack the service execution flow and gain full control over the system, compromising confidentiality, integrity, and availability of the system. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking whether the executable paths of the TotalAV services running with SYSTEM privileges contain spaces but are not enclosed in quotation marks. You can use the Windows command line to query each service's configuration and inspect its path. For example, use the command `sc qc SecurityService` to check the SecurityService path, `sc qc SecurityServiceMonitor` for the monitoring service, and `sc qc AMSProtectedService` for the AMSProtectedService. Look for unquoted paths containing spaces such as `C:\Program Files (x86)\TotalAV\SecurityService.exe`. If the paths are unquoted, the system is vulnerable to this issue. [3]
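The check described above can be automated over saved `sc qc` output. The following is an added example, not code from the advisory or the vendor: it parses the output and flags services whose image path contains a space and is not quoted, and it goes slightly beyond the text by telling spaces in the path apart from spaces in arguments. The sample output is constructed, and `QuotedExample` and `ArgsOnlyExample` are hypothetical services.

```python
# Constructed `sc qc` output for illustration (not captured from a real host).
# QuotedExample and ArgsOnlyExample are hypothetical services.
SAMPLE = r"""
SERVICE_NAME: SecurityService
        BINARY_PATH_NAME   : C:\Program Files (x86)\TotalAV\SecurityService.exe
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: QuotedExample
        BINARY_PATH_NAME   : "C:\Program Files\Example\svc.exe" --run
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: ArgsOnlyExample
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k netsvcs
        SERVICE_START_NAME : LocalSystem
"""

KEYS = {"SERVICE_NAME": "name", "BINARY_PATH_NAME": "path",
        "SERVICE_START_NAME": "account"}


def parse_sc_qc(text):
    """Collect name, binary path and run-as account for each service block."""
    services = []
    for line in text.splitlines():
        key, _, value = line.partition(":")  # first colon separates the field
        field = KEYS.get(key.strip())
        if field == "name":
            services.append({"name": value.strip(), "path": "", "account": ""})
        elif field and services:
            services[-1][field] = value.strip()
    return services


def is_unquoted_with_space(binary_path):
    """True when the image path has a space and does not start with a quote."""
    path = binary_path.strip()
    if not path or path.startswith('"'):
        return False
    # Spaces after the first ".exe" belong to arguments, not to the path.
    # With no ".exe" present, the whole string is treated as the path.
    end = path.lower().find(".exe ")
    image = path[:end + 4] if end != -1 else path
    return " " in image


def find_unquoted(text):
    """Return (service, account) pairs whose path needs quoting."""
    return [(s["name"], s["account"]) for s in parse_sc_qc(text)
            if is_unquoted_with_space(s["path"])]
```

Calling `find_unquoted` on the concatenated `sc qc` output of the services you want to audit returns the ones that still need their path quoted, together with the account they run as.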
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include ensuring that the service executable paths are properly quoted to prevent execution of malicious executables placed in unquoted path segments. Since the vulnerability arises from unquoted service paths, you should update or patch TotalAV to a version where this issue is fixed. Alternatively, manually edit the service paths to include quotes around the executable paths or restrict local user write permissions to directories in the service path to prevent placing malicious executables. Additionally, monitor and restrict local user access to prevent exploitation. [1, 3]