CVE-2021-47762
📋 TL;DR
HTTPDebuggerPro 9.11 has an unquoted service path vulnerability that allows local attackers to execute arbitrary code with SYSTEM privileges by placing malicious executables in the service path. This affects systems running HTTPDebuggerPro 9.11 on Windows where attackers have local access.
💻 Affected Systems
- HTTPDebuggerPro
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full SYSTEM privilege compromise allowing complete control of the affected system, installation of persistent backdoors, credential theft, and lateral movement.
Likely Case
Local privilege escalation to SYSTEM privileges enabling attackers to bypass security controls, install malware, or access sensitive system resources.
If Mitigated
Limited impact with proper access controls preventing local attackers from writing to vulnerable directories.
🎯 Exploit Status
Exploit requires local access and ability to write to vulnerable directories. Proof of concept available on Exploit-DB.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not available
Vendor Advisory: https://www.httpdebugger.com
Restart Required: No
Instructions:
No official patch available. Consider upgrading to newer versions if available or implementing workarounds.
🔧 Temporary Workarounds
Quote Service Path
Windows: Modify the service configuration to use quoted paths for the binary executable.
sc config "HTTPDebuggerPro" binPath= "\"C:\Program Files\HTTPDebuggerPro\HTTPDebuggerPro.exe\""
Restrict Directory Permissions
Windows: Set strict permissions on directories in the service path to prevent unauthorized writes.
icacls "C:\Program Files\HTTPDebuggerPro" /inheritance:r /grant:r "SYSTEM:(OI)(CI)F" "Administrators:(OI)(CI)F" /deny "Users:(OI)(CI)(W)"
🧯 If You Can't Patch
- Remove HTTPDebuggerPro from production systems if not essential
- Implement strict access controls to prevent local users from writing to vulnerable directories
🔍 How to Verify
Check if Vulnerable:
Check if HTTPDebuggerPro service path is unquoted:
sc qc "HTTPDebuggerPro" | findstr BINARY_PATH_NAME
Check Version:
Check HTTPDebuggerPro version in Help > About or program properties
Verify Fix Applied:
Verify service path is quoted and directory permissions are restricted:
sc qc "HTTPDebuggerPro" | findstr BINARY_PATH_NAME
icacls "C:\Program Files\HTTPDebuggerPro"
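The check above can be scripted. This is an added example, not part of the original advisory or any vendor tooling: a Python helper that parses `sc qc` output, reports whether BINARY_PATH_NAME is unquoted with a space in the executable path, and lists the file locations worth auditing. The sample output is constructed and the function names are illustrative.

```python
import re

# Constructed sample of `sc qc "HTTPDebuggerPro"` output (not captured from a real host).
SAMPLE_SC_QC = r"""
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: HTTPDebuggerPro
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files\HTTPDebuggerPro\HTTPDebuggerPro.exe
        LOAD_ORDER_GROUP   :
        TAGS               : 0
        DISPLAY_NAME       : HTTPDebuggerPro
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem
"""

def binary_path(sc_qc_output):
    """Return the BINARY_PATH_NAME value from `sc qc` output, or None."""
    m = re.search(r"^[ \t]*BINARY_PATH_NAME[ \t]*:[ \t]*(.*?)[ \t]*$",
                  sc_qc_output, re.M)
    return m.group(1) if m else None

def executable_part(path):
    """Text up to and including the first '.exe'; arguments after it are ignored."""
    m = re.match(r"(.*?\.exe)\b", path, re.I)
    return m.group(1) if m else path

def is_unquoted_with_spaces(path):
    """True when the executable path itself is unquoted and contains a space.

    A space that appears only in the arguments (svchost.exe -k ...) is not flagged.
    """
    if not path or path.lstrip().startswith('"'):
        return False
    return " " in executable_part(path.strip())

def locations_to_audit(path):
    """Prefixes cut at each space: locations where an unexpected .exe matters."""
    exe = executable_part(path.strip())
    return [exe[:i] + ".exe" for i, ch in enumerate(exe) if ch == " "]

if __name__ == "__main__":
    p = binary_path(SAMPLE_SC_QC)
    print("unquoted with spaces:", is_unquoted_with_spaces(p))
    for loc in locations_to_audit(p):
        print("audit for unexpected file:", loc)
```

On a live host, feed the function the text produced by `sc qc "HTTPDebuggerPro"` instead of the constructed sample.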
📡 Detection & Monitoring
Log Indicators:
- Unusual service restarts
- Creation of executables in HTTPDebuggerPro directories
- Process creation from unusual locations
Network Indicators:
- Outbound connections from SYSTEM processes not normally expected
SIEM Query:
Process Creation where (ImagePath contains "HTTPDebuggerPro" and CommandLine contains unusual paths) OR (Service Control Manager events for HTTPDebuggerPro service modification)