CVE-2021-47787

HIGH

TotalAV <5.15.69 - Privilege Escalation

Title source: llm

Description

TotalAV 5.15.69 contains an unquoted service path vulnerability in multiple system services running with LocalSystem privileges. Attackers can place malicious executables in specific unquoted path segments to potentially gain SYSTEM-level access by exploiting the service path configuration.

Exploits (1)

exploitdb WRITEUP

by Andrea Intilangelo · textlocalwindows

https://www.exploit-db.com/exploits/50314

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/50314

[Product] https://www.totalav.com

[Third Party Advisory] https://www.vulncheck.com/advisories/totalav-unquoted-service-path

Scores

CVSS v3 7.8

EPSS 0.0001

EPSS Percentile 0.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-428

Status published

Products (2)

totalav/totalav 5.15.69

Totalav/TotalAV 5.15.69

Published Jan 16, 2026

Tracked Since Feb 18, 2026