CVE-2021-47806
BaseFortify
Publication date: 2026-01-16
Last updated on: 2026-01-16
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dupscout | dup_scout | 13.5.28 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2021-47806 is an unquoted service path vulnerability in Dup Scout version 13.5.28 on Windows. The service executable path for Dup Scout Server is not enclosed in quotes, which allows local attackers to place malicious executables in certain path segments. When the service starts, Windows may execute these malicious executables, enabling the attacker to run arbitrary code and escalate privileges on the affected system. [1, 2]
How can this vulnerability impact me? :
This vulnerability can allow a local attacker to execute arbitrary code with elevated privileges by exploiting the unquoted service path. This means an attacker with local access can escalate their privileges on the system, potentially gaining control over the affected machine and performing unauthorized actions. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking the service executable paths for unquoted paths in the Dup Scout services. You can use Windows Management Instrumentation Command-line (WMIC) and Service Control (sc) commands to list services with auto-start mode and query their binary paths to confirm if the paths are unquoted. For example, use the following commands: 1. List all services with auto-start mode: wmic service where startmode="auto" get name,pathname,startmode 2. Query the binary path of the Dup Scout service: sc qc "Dup Scout Server" Look for unquoted paths such as C:\Program Files\Dup Scout Server\bin\dupscts.exe without surrounding quotes, which indicate the vulnerability. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include enclosing the service executable paths in quotes to prevent Windows from misinterpreting the path and allowing malicious executable injection. Specifically, update the service configuration to quote the path 'C:\Program Files\Dup Scout Server\bin\dupscts.exe'. Additionally, restrict local access to the affected system to trusted users only, as the vulnerability requires local attacker access. Applying any available patches or updates from the vendor that address this unquoted service path issue is also recommended. [1, 2]