CVE-2021-47884
Unquoted Service Path Vulnerability in OKI Local Port Manager
Publication date: 2026-01-21
Last updated on: 2026-01-21
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oki | configuration_tool | 1.6.53 |
| oki | print_job_accounting | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an unquoted service path issue in the OKI Local Port Manager service (OpLclSrv) of OKI Configuration Tool version 1.6.53. Because the service executable path contains spaces and is not enclosed in quotes, a local attacker can place a malicious executable in a directory along the path. When the service starts, the system may execute the malicious executable instead of the legitimate one, allowing the attacker to run arbitrary code with elevated privileges. [2, 3]
How can this vulnerability impact me?
This vulnerability can allow a local attacker with low privileges to execute arbitrary code with elevated privileges on the affected system. This means the attacker can escalate their privileges, potentially gaining full control over the system, which can lead to unauthorized actions, data compromise, or system manipulation. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking the service configuration for unquoted service paths, specifically for the OKI Local Port Manager service named 'OpLclSrv'. You can use the following commands on a Windows system:

1. Use WMIC to list services with automatic start mode, excluding those in the Windows directory:

       wmic service where "startmode='auto' and not pathname like '%Windows%'" get name,pathname,startmode

2. Use the SC command to query the service configuration and check if the binary path is unquoted:

       sc qc OpLclSrv

If the path to the executable (e.g., C:\Program Files\Okidata\Common\extend3\portmgrsrv.exe) is unquoted and contains spaces, the system is vulnerable to this unquoted service path issue. [3]
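The check described above can be automated across every service on a host. The following PowerShell audit is an added example, not code from this page or from OKI; the function name `Get-UnquotedPathCandidates` is hypothetical, and it assumes the service executable ends in `.exe`. For each unquoted path containing a space it lists the locations Windows would try before the intended binary and reports any of them that already exist on disk.

```powershell
# Added example: audit services for unquoted executable paths containing spaces (CWE-428).
function Get-UnquotedPathCandidates {
    param([string]$ImagePath)

    if (-not $ImagePath) { return @() }
    $p = $ImagePath.Trim()

    # A path that starts with a double quote is parsed unambiguously.
    if ($p.StartsWith('"')) { return @() }

    # Treat everything up to the first ".exe" as the intended executable path
    # (assumption: the rest of the string is command-line arguments).
    if ($p -notmatch '^(.+?\.exe)(\s|$)') { return @() }
    $exe = $Matches[1]
    if ($exe -notmatch ' ') { return @() }

    # Each space is a point where the path can be cut and ".exe" appended,
    # e.g. "C:\Program Files\..." is first tried as "C:\Program.exe".
    $candidates = @()
    for ($i = 0; $i -lt $exe.Length; $i++) {
        if ($exe[$i] -eq ' ') { $candidates += $exe.Substring(0, $i) + '.exe' }
    }
    return $candidates
}

# The example path quoted on this page, passed in unquoted form.
Get-UnquotedPathCandidates 'C:\Program Files\Okidata\Common\extend3\portmgrsrv.exe'

# Audit every installed service on the local machine.
Get-CimInstance Win32_Service | ForEach-Object {
    $c = @(Get-UnquotedPathCandidates $_.PathName)
    if ($c.Count) {
        [pscustomobject]@{
            Service            = $_.Name
            StartMode          = $_.StartMode
            PathName           = $_.PathName
            Candidates         = $c -join '; '
            # A file already present at a candidate location warrants investigation.
            ExistingCandidates = ($c | Where-Object { Test-Path -LiteralPath $_ }) -join '; '
        }
    }
} | Format-List
```

A service that appears in the output needs its path quoted; a non-empty `ExistingCandidates` value means a file already sits where the service manager would look first.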
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, you should quote the service path for the 'OpLclSrv' service to prevent execution of malicious executables placed in the path. This involves modifying the service configuration to enclose the executable path in double quotes, for example: "C:\Program Files\Okidata\Common\extend3\portmgrsrv.exe". Additionally, ensure that only trusted users have local access to the system, as exploitation requires local access. Applying any available patches or updates from OKI for the Configuration Tool is also recommended once released. [2, 3]