CVE-2021-47945
Argus Surveillance DVR 4.0 Unquoted Service Path Privilege Escalation
Publication date: 2026-05-10
Last updated on: 2026-05-10
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| argus | surveillance_dvr | 4.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how the CVE-2021-47945 vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2021-47945 is an unquoted service path vulnerability found in Argus Surveillance DVR 4.0's DVRWatchdog service. This vulnerability occurs because the service's executable path is not enclosed in quotes, allowing local attackers to exploit the path parsing behavior in Windows.
An attacker can place a malicious executable in a directory with a name that matches a prefix of the service path, such as "C:\Program.exe", which will be executed with LocalSystem privileges when the service starts. This effectively allows the attacker to escalate their privileges on the affected system.
How can this vulnerability impact me? :
This vulnerability allows local attackers to escalate their privileges to LocalSystem level by exploiting the unquoted service path. Once exploited, the attacker can execute malicious code with the highest system privileges.
- Attackers can gain full control over the affected system.
- They can install persistent malware or backdoors.
- They can bypass security restrictions and access sensitive data.
- The system's integrity and availability can be compromised.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking the service configuration for unquoted service paths, specifically for the DVRWatchdog service used by Argus Surveillance DVR 4.0.
On a Windows system, you can query the service configuration to identify if the binary path is unquoted. For example, using the command:
- sc qc "Argus Surveillance DVR Watchdog"
This command will display the service's binary path. If the path is not enclosed in quotes and contains spaces (e.g., C:\Program Files\Argus Surveillance DVR\DVRWatchdog.exe), it indicates the presence of the unquoted service path vulnerability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, you should ensure that the service binary path is properly quoted to prevent execution of malicious executables placed in directories with matching prefixes.
Specifically, update the service configuration to enclose the executable path in double quotes, for example:
- "C:\Program Files\Argus Surveillance DVR\DVRWatchdog.exe"
Additionally, restrict write permissions to the Program Files directory to prevent attackers from placing malicious executables there.
If possible, disable the 'Start as service on Windows Startup' option for the DVRWatchdog service until the path issue is fixed.