CVE-2021-47787
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-16

Last updated on: 2026-02-09

Assigner: VulnCheck

Description
TotalAV 5.15.69 contains an unquoted service path vulnerability in multiple system services running with LocalSystem privileges. Attackers can place malicious executables in specific unquoted path segments to potentially gain SYSTEM-level access by exploiting the service path configuration.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-16
Last Modified
2026-02-09
Generated
2026-06-16
AI Q&A
2026-01-16
EPSS Evaluated
2026-06-15
NVD
CVE-2021-47787
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
totalav totalav 5.15.69
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-428 The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2021-47787 is an unquoted service path vulnerability in TotalAV version 5.15.69. Multiple system services running with LocalSystem privileges have executable paths that include spaces but lack proper quotation marks. This misconfiguration allows an attacker with local access to place malicious executables in specific unquoted path segments. When the service starts, the system may execute the malicious executable instead of the intended one, potentially granting the attacker SYSTEM-level access and full control over the system. [1, 3]

Impact Analysis

This vulnerability can allow a local attacker to escalate their privileges from a low-privileged user to SYSTEM-level access on the affected Windows system. By placing a malicious executable in an unquoted path segment, the attacker can hijack the service execution flow and gain full control over the system, compromising confidentiality, integrity, and availability of the system. [1, 3]

Detection Guidance

This vulnerability can be detected by checking the service executable paths for unquoted spaces in the TotalAV services running with SYSTEM privileges. You can use the Windows command line to query the service configuration and inspect the paths. For example, use the command `sc qc SecurityService` to check the SecurityService path, `sc qc SecurityServiceMonitor` for the monitoring service, and `sc qc AMSProtectedService` for the AMSProtectedService. Look for unquoted paths containing spaces such as `C:\Program Files (x86)\TotalAV\SecurityService.exe`. If the paths are unquoted, the system is vulnerable to this issue. [3]

Mitigation Strategies

Immediate mitigation steps include ensuring that the service executable paths are properly quoted to prevent execution of malicious executables placed in unquoted path segments. Since the vulnerability arises from unquoted service paths, you should update or patch TotalAV to a version where this issue is fixed. Alternatively, manually edit the service paths to include quotes around the executable paths or restrict local user write permissions to directories in the service path to prevent placing malicious executables. Additionally, monitor and restrict local user access to prevent exploitation. [1, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2021-47787. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart