CVE-2021-47887
Unquoted Service Path in OKI Print Job Accounting Enables Code Execution
Publication date: 2026-01-21
Last updated on: 2026-01-21
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oki | print_job_accounting | 4.4.10 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an unquoted service path issue in the 'OkiJaSvc' service of OKI Print Job Accounting version 4.4.10. Because the service path "C:\Program Files\Okidata\Print Job Accounting\" is not enclosed in quotes, Windows may incorrectly interpret the path and allow a local attacker to place malicious executables in certain locations within the path. When the service starts, it may execute these malicious files, enabling the attacker to run arbitrary code and escalate their privileges on the system. [1, 2]
How can this vulnerability impact me? :
If exploited, this vulnerability allows a local attacker with low privileges to execute arbitrary code with higher privileges, potentially leading to full system control. This can compromise the confidentiality, integrity, and availability of the affected system, as the attacker could install malware, alter data, or disrupt services. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by checking for unquoted service paths in the 'OkiJaSvc' service. Useful commands include: - `wmic service get name, displayname, pathname, startmode` filtered to show auto-start services with executable paths outside the Windows directory to identify unquoted paths. - `sc qc OkiJaSvc` to query the service configuration and confirm the binary path and start mode. These commands help identify if the service path is unquoted and vulnerable. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include enclosing the service executable path in quotes to prevent path parsing issues, thereby blocking the ability to inject malicious executables. Additionally, restrict local access to trusted users only, as exploitation requires local access. If possible, update or patch the Print Job Accounting software to a version where this vulnerability is fixed. [1, 2]