CVE-2021-47767

HIGH EPSS 11.5%

Published Jan 15, 20265mo ago · Modified Jun 17, 20261w ago

8.5 CVSS 4.0

High

Published Jan 15, 2026 5mo ago

Last Modified Jun 17, 2026 1w ago

Description

10-Strike Network Inventory Explorer Pro 9.31 contains an unquoted service path vulnerability in the srvInventoryWebServer service running with LocalSystem privileges. Attackers can exploit the unquoted path by placing malicious executables in potential path segments to achieve privilege escalation and execute code with system-level permissions.

CVSS Details

Base Score

8.5

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Local

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

11.5% percentile

Exploit & Patch Status

Public Exploit Known

No Patch Available

Weaknesses 1

CWE-428

Affected Products 1

Vendor	Product	Version	Range
10-strike	network_inventory_explorer	9.31	any

References 2

10-strike.com https://www.10-strike.com/

Product
exploit-db.com https://www.exploit-db.com/exploits/50494

Exploit

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.