CVE-2021-47742

8.8 HIGH

📋 TL;DR

Insecure access controls on the Rocket League executable files grant full permissions to authenticated users, who can therefore modify them. An attacker can replace a legitimate executable with a malicious one to escalate privileges on the system. All users running Rocket League version 1.95 or earlier are affected.

💻 Affected Systems

Products:
  • Epic Games Psyonix Rocket League
Versions: <=1.95
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user access to the system where Rocket League is installed.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise via privilege escalation leading to complete control of the affected system, data theft, and lateral movement within networks.

🟠 Likely Case

Local privilege escalation allowing attackers to gain administrative rights on the system where Rocket League is installed.

🟢 If Mitigated

Limited impact if proper file permissions are enforced and users operate with least privilege principles.

🌐 Internet-Facing: LOW - This is primarily a local privilege escalation vulnerability requiring authenticated access to the system.
🏢 Internal Only: HIGH - Authenticated users on shared systems or gaming stations could exploit this to gain elevated privileges.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access and knowledge of file permission manipulation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 1.95

Vendor Advisory: https://www.rocketleague.com/

Restart Required: Yes

Instructions:

  1. Launch Epic Games Launcher
  2. Navigate to Rocket League
  3. Check for updates
  4. Install any available updates
  5. Restart the game

🔧 Temporary Workarounds

Restrict File Permissions

Platform: Windows

Manually adjust file permissions to remove 'Full Control' for the Authenticated Users group on the Rocket League executables:

icacls "C:\Program Files\Epic Games\RocketLeague\Binaries\Win64\RocketLeague.exe" /remove:g "Authenticated Users"

🧯 If You Can't Patch

  • Remove 'Full Control' permissions for Authenticated Users group on all Rocket League executable files
  • Limit user accounts to standard user privileges instead of administrative rights

🔍 How to Verify

Check if Vulnerable:

Check Rocket League version in game settings or via Epic Games Launcher. Versions 1.95 or earlier are vulnerable.

Check Version:

Check in-game settings or Epic Games Launcher library for version information

Verify Fix Applied:

Verify that the Rocket League version is greater than 1.95 and that the file permissions on the executables no longer grant 'Full Control' to Authenticated Users.
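
One way to run the permission check described above across the whole install directory (an added example, not from the vendor or the original advisory). It assumes the install path used in the icacls workaround; the function name Get-RiskyAce and the extra groups Everyone and BUILTIN\Users are illustrative additions that go beyond the Authenticated Users case named on this page.

```powershell
# Added example: audit NTFS ACLs on Rocket League executables for write-capable
# grants to broad groups. Default path is assumed from the icacls workaround.
param(
    [string]$InstallDir = 'C:\Program Files\Epic Games\RocketLeague\Binaries\Win64'
)

# Well-known SIDs for broad principals (locale-independent, unlike group names).
$BroadSids = @{
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-1-0'      = 'Everyone'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Rights that allow replacing file contents or rewriting the ACL or owner.
$Risky = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'

function Get-RiskyAce {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    # Ask for explicit and inherited ACEs, resolved to SIDs for matching.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (-not $BroadSids.ContainsKey($sid)) { continue }
        if (([int]$ace.FileSystemRights -band $Risky) -ne 0) {
            [pscustomobject]@{
                File      = $Path
                Principal = $BroadSids[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited   # inherited ACEs must be fixed on the parent
            }
        }
    }
}

$findings = Get-ChildItem -LiteralPath $InstallDir -Recurse -File |
    Where-Object { $_.Extension -eq '.exe' } |
    ForEach-Object { Get-RiskyAce -Path $_.FullName }

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
    exit 1   # non-zero so a scheduled task or CI job can flag the host
}
'No write-capable grants to broad groups found on executables.'
```

An entry with Inherited = True means the grant comes from a parent folder, so removing it on the file alone will not persist; correct the ACL on the folder it is inherited from.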

📡 Detection & Monitoring

Log Indicators:

  • File permission changes on Rocket League executables
  • Unauthorized process execution from Rocket League directories

Network Indicators:

  • Unusual network connections originating from Rocket League processes

SIEM Query:

EventID=4663 AND ObjectName LIKE '%RocketLeague%' AND Accesses LIKE '%WRITE_DAC%'
