CVE-2021-47864
Unknown Unknown - Not Provided

Unquoted Service Path Vulnerability in OSAS Traverse Extension Allows Privilege Escalation

Vulnerability report for CVE-2021-47864, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-21

Last updated on: 2026-01-21

Assigner: VulnCheck

Description

OSAS Traverse Extension 11 contains an unquoted service path vulnerability in the TravExtensionHostSvc service running with LocalSystem privileges. Attackers can exploit the unquoted path to inject and execute malicious code by placing executable files in the service's path, potentially gaining elevated system access.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-21
Last Modified
2026-01-21
Generated
2026-07-06
AI Q&A
2026-01-21
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
osas traverse_extension 11

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-428 The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2021-47864 is an unquoted service path vulnerability in the OSAS Traverse Extension 11's TravExtensionHostSvc service. Because the service's executable path contains spaces but is not enclosed in quotes, an attacker with local access can place a malicious executable in a location that Windows might mistakenly execute instead of the legitimate service binary. Since the service runs with LocalSystem privileges, this can lead to arbitrary code execution with elevated privileges. [1, 3]

Impact Analysis

This vulnerability can allow a local attacker to escalate their privileges by executing malicious code with the same high-level privileges as the TravExtensionHostSvc service, which runs under the LocalSystem account. This means an attacker could gain full control over the affected system, potentially leading to system compromise, data theft, or disruption of services. [1, 3]

Detection Guidance

You can detect this vulnerability by checking for unquoted service paths, especially for the 'travextensionhostsvc' service. Commands such as 'wmic service get name,pathname,startmode | findstr /i "Auto"' can list services with auto start. Then, filter for service paths that contain spaces but are not enclosed in quotes and do not start with 'C:\Windows\'. Additionally, you can query the specific service configuration using 'sc.exe qc travextensionhostsvc' to inspect the binary path for unquoted spaces. [1]

Mitigation Strategies

Immediate mitigation involves correcting the unquoted service path by enclosing the executable path in quotes to prevent path-based code injection. Specifically, update the 'travextensionhostsvc' service configuration to quote the binary path, for example changing it to "C:\Program Files\Open Systems,Inc\TRAVERSE\TRAVERSE.Host.CustomExtensions.exe". This prevents attackers from placing malicious executables in the service path that could be executed with elevated privileges. [1, 3]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2021-47864. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart