CVE-2021-43460
📋 TL;DR
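This CVE describes an Unquoted Service Path vulnerability in System Explorer 7.0.0. The path to the service executable contains spaces and is not enclosed in quotes, so Windows can resolve it to a different executable located earlier in the path. A local attacker who can write to one of the directories along that path can have their executable started with the service's privileges. The vulnerability affects users running System Explorer 7.0.0 on Windows systems where the SystemExplorerHelpService service is installed.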
💻 Affected Systems
- System Explorer
📦 What is this software?
System Explorer by Systemexplorer
⚠️ Risk & Real-World Impact
Worst Case
Local attackers can achieve SYSTEM-level privilege escalation, enabling complete system compromise, data theft, and persistent backdoor installation.
Likely Case
Local users or malware with basic user privileges can escalate to SYSTEM privileges, allowing them to install additional malware, disable security controls, or access sensitive system resources.
If Mitigated
With proper access controls and monitoring, exploitation attempts can be detected and blocked before privilege escalation occurs.
🎯 Exploit Status
Exploit code is publicly available on Exploit-DB and GitHub. Requires local access to the system and ability to write to directories in the service path.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not available
Vendor Advisory: Not available
Restart Required: No
Instructions:
No official patch is available. Consider uninstalling System Explorer 7.0.0 or upgrading to a newer version if available.
🔧 Temporary Workarounds
Quote Service Path
Windows: Manually modify the service path to include quotes around the executable path
sc config SystemExplorerHelpService binPath= "\"C:\Program Files\System Explorer\SystemExplorerHelpService.exe\""
Remove Write Permissions
Windows: Remove write permissions for non-administrative users on directories in the service path
icacls "C:\Program Files\System Explorer" /deny Users:(OI)(CI)W
🧯 If You Can't Patch
- Uninstall System Explorer 7.0.0 completely
- Disable or remove the SystemExplorerHelpService service if not required
🔍 How to Verify
Check if Vulnerable:
Check if System Explorer 7.0.0 is installed and the SystemExplorerHelpService service path is unquoted: sc qc SystemExplorerHelpService
Check Version:
Check System Explorer version in Control Panel > Programs and Features or via the application interface
Verify Fix Applied:
Verify the service path is quoted: sc qc SystemExplorerHelpService should show quotes around the executable path
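The check above, automated as an added example (not code from the vendor or from this advisory): it parses `sc qc` output, reports whether the executable path is unquoted and contains a space, and lists the parent directories whose write permissions matter for the "Remove Write Permissions" workaround. The sample output is constructed and reuses the path shown in the workaround; the function names are hypothetical.

```python
import re
from pathlib import PureWindowsPath

# Constructed `sc qc` output; the path is the one used in the workaround above.
SAMPLE_UNQUOTED = r"""
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: SystemExplorerHelpService
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : C:\Program Files\System Explorer\SystemExplorerHelpService.exe
        SERVICE_START_NAME : LocalSystem
"""
SAMPLE_QUOTED = SAMPLE_UNQUOTED.replace(
    r"C:\Program Files\System Explorer\SystemExplorerHelpService.exe",
    r'"C:\Program Files\System Explorer\SystemExplorerHelpService.exe"')

def binary_path(sc_qc_output):
    """Extract the BINARY_PATH_NAME value from `sc qc <service>` output."""
    m = re.search(r"^\s*BINARY_PATH_NAME\s*:\s*(.+?)\s*$", sc_qc_output, re.M)
    if not m:
        raise ValueError("BINARY_PATH_NAME not found in sc qc output")
    return m.group(1)

def executable_part(bin_path):
    """Drop trailing arguments: keep everything up to the first '.exe'."""
    m = re.match(r"(.+?\.exe)(?=\s|$)", bin_path, re.I)
    return m.group(1) if m else bin_path

def is_unquoted_with_space(bin_path):
    """True when the path is not quoted and the executable path has a space."""
    p = bin_path.strip()
    return not p.startswith('"') and " " in executable_part(p)

def dirs_to_audit(bin_path):
    """Parent directories where non-admin write access should be reviewed."""
    if not is_unquoted_with_space(bin_path):
        return []
    exe, dirs = executable_part(bin_path.strip()), []
    for i, ch in enumerate(exe):
        if ch == " ":  # each space is a point where path parsing may stop
            parent = str(PureWindowsPath(exe[:i]).parent)
            if parent not in dirs:
                dirs.append(parent)
    return dirs

if __name__ == "__main__":
    path = binary_path(SAMPLE_UNQUOTED)
    print(is_unquoted_with_space(path), dirs_to_audit(path))
```

On a live host, pass the captured output of `sc qc SystemExplorerHelpService` to `binary_path` in place of the sample.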
📡 Detection & Monitoring
Log Indicators:
- Windows Event Logs showing service path modifications
- Security logs showing privilege escalation attempts
- Application logs showing unexpected service restarts
Network Indicators:
- Unusual outbound connections from SYSTEM-level processes
- DNS queries for known malware domains from elevated processes
SIEM Query:
EventID=4688 AND NewProcessName LIKE '%SystemExplorerHelpService%' AND SubjectUserName NOT IN ('SYSTEM', 'LOCAL SERVICE', 'NETWORK SERVICE')