CVE-2021-47807
BaseFortify
Publication date: 2026-01-16
Last updated on: 2026-01-16
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| syncbreeze | sync_breeze | 13.6.18 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2021-47807 is an unquoted service path vulnerability in Sync Breeze version 13.6.18 on Windows. The service executable paths contain spaces but are not enclosed in quotation marks, allowing local attackers to place malicious executables in directories that Windows might execute instead of the legitimate service binaries. This lets attackers execute arbitrary code with elevated privileges by exploiting the way Windows parses unquoted paths in service configurations. [1, 2]
How can this vulnerability impact me? :
This vulnerability can allow a local attacker to execute arbitrary code on the affected system with elevated privileges, leading to privilege escalation. Because the affected services run under the LocalSystem account and start automatically, an attacker can inject malicious executables that run with high privileges, potentially compromising confidentiality, integrity, and availability of the system. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by listing Windows services with auto-start mode excluding those in the Windows directory, and then querying the service configuration to check for unquoted service paths. Suggested commands include using Windows Management Instrumentation Command-line (WMIC) to list services: `wmic service where (startmode='auto' and pathname not like '%\\Windows%') get name,pathname,startmode` and then using the Service Control (sc) command to query the service configuration: `sc qc <service_name>`. Look for executable paths containing spaces that are not enclosed in quotation marks. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include correcting the unquoted service paths by enclosing the executable paths in quotation marks to prevent execution of malicious executables placed in the path. Additionally, restrict local user permissions to prevent unauthorized file placement in directories preceding the legitimate service executable. Monitoring and auditing service configurations and applying any vendor patches or updates when available are also recommended. [1, 2]