CVE-2021-47898
Unquoted Service Path Vulnerability in Epson EMP_UDSA Service Grants Elevated Access
Publication date: 2026-01-23
Last updated on: 2026-01-23
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| epson | usb_display | 1.6.0.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an unquoted service path issue in the Epson USB Display version 1.6.0.0, specifically in the EMP_UDSA service that runs with LocalSystem privileges. Because the service path contains spaces and is not enclosed in quotes, an attacker with local access can place malicious executables in intermediate directories of the service path. When the system attempts to execute the service, it may run the malicious executable instead of the legitimate one, allowing the attacker to escalate privileges and gain elevated system access. [1, 3]
How can this vulnerability impact me?
Exploiting this vulnerability allows an attacker with local access to escalate their privileges to LocalSystem level, which is the highest privilege on a Windows system. This means the attacker can gain full control over the affected system, potentially compromising confidentiality, integrity, and availability of data and system resources. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking the service path of the EMP_UDSA service for unquoted spaces. On a Windows system, you can use commands such as:

1. Using PowerShell: `Get-WmiObject win32_service | Where-Object { $_.Name -eq 'EMP_UDSA' } | Select-Object Name, PathName`
2. Using Command Prompt: `sc qc EMP_UDSA`

These commands will show the executable path of the service. If the path contains spaces and is not enclosed in quotes, the system is vulnerable to this unquoted service path issue. [3]
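The same check generalized to any service, as an added example that is not part of the advisory or vendor code: it flags unquoted paths containing whitespace and lists the parent directories whose write permissions should be reviewed. The function name and the sample service names and paths are constructed for illustration; the real EMP_UDSA path is not given on this page.

```powershell
# Added audit example (hypothetical helper name; not vendor or advisory code).
function Get-UnquotedPathFinding {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$PathName
    )
    $p = $PathName.Trim()
    if ($p.StartsWith('"')) { return }            # already quoted: not affected

    # Isolate the executable portion (everything up to the first ".exe"),
    # so that spaces in trailing arguments are not counted.
    $m = [regex]::Match($p, '^(.*?\.exe)', 'IgnoreCase')
    if (-not $m.Success) { return }
    $exe = $m.Groups[1].Value
    if ($exe -notmatch '\s') { return }           # no whitespace: unambiguous

    # Each space splits the path into a shorter candidate; the directory that
    # would hold that candidate must not be writable by untrusted users.
    $dirs = for ($i = 0; $i -lt $exe.Length; $i++) {
        if ($exe[$i] -eq ' ') {
            $prefix = $exe.Substring(0, $i)
            $cut = $prefix.LastIndexOf('\')
            if ($cut -ge 0) { $prefix.Substring(0, $cut + 1) }
        }
    }
    [pscustomobject]@{
        Name                = $Name
        PathName            = $PathName
        DirectoriesToReview = @($dirs | Select-Object -Unique)
    }
}

# Constructed sample input: only ExampleSvcA should be reported.
$samples = @(
    [pscustomobject]@{ Name = 'ExampleSvcA'; PathName = 'C:\Program Files\Example Vendor\Example App\svc.exe -k run' }
    [pscustomobject]@{ Name = 'ExampleSvcB'; PathName = '"C:\Program Files\Example Vendor\svc.exe" -k run' }
    [pscustomobject]@{ Name = 'ExampleSvcC'; PathName = 'C:\Windows\System32\svc.exe' }
)
$samples | ForEach-Object { Get-UnquotedPathFinding -Name $_.Name -PathName $_.PathName }

# On a live host, feed it the real service list instead:
# Get-CimInstance Win32_Service | Where-Object PathName |
#     ForEach-Object { Get-UnquotedPathFinding -Name $_.Name -PathName $_.PathName }
```

Review the ACL of each directory under `DirectoriesToReview` (for example with `Get-Acl` or `icacls`) to confirm that only administrators can create files there.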
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, you should enclose the service executable path in quotes to prevent the system from executing malicious executables placed in intermediate directories. This can be done by modifying the service configuration to quote the path. Alternatively, ensure that no untrusted users have write access to directories in the service path, and apply the latest patches or updates from Epson if available. [1, 3]