CVE-2021-47861

HIGH

7.8

Beschreibung

Event Log Explorer 4.9.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific file system locations that will be executed with LocalSystem account privileges during service startup.

CVE Details

CVSS v3.1 Bewertung7.8

SchweregradHIGH

CVSS VektorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AngriffsvektorLOCAL

KomplexitatLOW

Erforderliche PrivilegienLOW

BenutzerinteraktionNONE

Veroffentlicht1/21/2026

Zuletzt geandert1/26/2026

Quellenvd

Honeypot-Sichtungen0

Schwachen (CWE)

CWE-428

Referenzen

https://eventlogxp.com/(disclosure@vulncheck.com)

https://www.exploit-db.com/exploits/49704(disclosure@vulncheck.com)

https://www.vulncheck.com/advisories/event-log-explorer-elodeaeventcollectorservice-unquoted-service-path(disclosure@vulncheck.com)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.