CVE-2021-47866
Unquoted Service Path in WIN-PACK PRO GuardTourService Enables Privilege Escalation
Publication date: 2026-01-21
Last updated on: 2026-01-21
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| honeywell | win-pack_pro | 4.8 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2021-47866 is an unquoted service path vulnerability in WIN-PACK PRO 4.8's GuardTourService. Because the service executable path is not enclosed in quotes, a local attacker can exploit this by placing malicious code in a path that the system might misinterpret due to spaces in directory names. This malicious code would then execute with elevated system privileges during the service startup, allowing privilege escalation. [1, 3]
How can this vulnerability impact me? :
If exploited, this vulnerability allows a local attacker to execute malicious code with elevated system privileges, potentially leading to full system compromise. It impacts confidentiality, integrity, and availability at a high level by enabling privilege escalation through code injection during service startup. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for unquoted service paths in Windows services, specifically for the 'GuardTourService'. You can use the following commands to identify such services: 1) Use WMIC to list services with automatic start mode and filter out those located in the Windows directory and those with quoted paths: `wmic service get name, displayname, pathname, startmode | findstr /i "Auto" | findstr /i /v "C:\Windows\" | findstr /i /v '"'` 2) Use the Service Control command to query the specific service configuration: `sc qc "GuardTourService"` These commands help confirm if the service executable path is unquoted, indicating the vulnerability. [3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include correcting the unquoted service path by enclosing the executable path in quotation marks to prevent malicious code injection. Specifically, update the service configuration so that the path to the executable 'C:\Program Files (x86)\WINPAKPRO\WP GuardTour Service.exe' is enclosed in quotes. Additionally, restrict local user permissions to prevent unauthorized code placement in directories referenced by the service path. Applying the latest patches or updates from Honeywell for WIN-PACK PRO 4.8, if available, is also recommended. [1, 2, 3]