← back
CVE-2021-47985

Brother SAPSprint 7.60 Unquoted Service Path Privilege Escalation

CVSS 8.5 HIGHEPSS 0.1%CWE-428
Brother SAPSprint 7.60 contains an unquoted service path vulnerability in the SAPSprint service binary that allows local attackers to escalate privileges. Attackers can place a malicious executable in the Program Files directory path to be executed with LocalSystem privileges when the service starts automatically.
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Brother · SAPSprint
public PoCs found1
cve_referencewww.exploit-db.com/exploits/50061unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://brother.com/https://www.exploit-db.com/exploits/50061https://www.vulncheck.com/advisories/brother-sapsprint-unquoted-service-path-privilege-escalation