CVE-2021-47847

7.8 HIGH

📋 TL;DR

Disk Sorter Server 13.6.12 has an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated privileges. Attackers can place malicious executables in the service path to hijack execution when the service starts. This affects systems running Disk Sorter Server 13.6.12 on Windows.

💻 Affected Systems

Products:
  • Disk Sorter Server
Versions: 13.6.12
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Windows installations due to Windows service path handling. Requires local access to the system.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise via privilege escalation to SYSTEM-level access, enabling complete control over the affected system.

🟠 Likely Case

Local privilege escalation allowing attackers to gain administrative privileges and install persistent malware.

🟢 If Mitigated

Limited impact if proper access controls prevent local users from writing to program directories.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local access to exploit.
🏢 Internal Only: HIGH - Malicious insiders or compromised accounts with local access can exploit this to gain SYSTEM privileges.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires local access to create malicious executables in the unquoted path. Proof-of-concept code is publicly available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.disksorter.com

Restart Required: Yes

Instructions:

  1. Check vendor website for updated version.
  2. If available, download and install updated version.
  3. Restart the Disk Sorter Server service.

🔧 Temporary Workarounds

Quote Service Path

windows

Modify the service configuration to use quotes around the binary path

sc config "Disk Sorter Server" binPath= "\"C:\Program Files\Disk Sorter Server\bin\disksrs.exe\""

Restrict Directory Permissions

windows

Set strict ACLs on the Disk Sorter Server directories to prevent unauthorized writes

icacls "C:\Program Files\Disk Sorter Server" /inheritance:r /grant:r "SYSTEM:(OI)(CI)F" "Administrators:(OI)(CI)F" /deny "Users:(OI)(CI)(W)"

🧯 If You Can't Patch

  • Implement strict access controls to prevent local users from writing to program directories
  • Monitor for unauthorized file creation in Disk Sorter Server directories

🔍 How to Verify

Check if Vulnerable:

Check if Disk Sorter Server service path is unquoted: sc qc "Disk Sorter Server" | findstr BINARY_PATH_NAME

Check Version:

Check installed version in Control Panel > Programs and Features or via vendor documentation

Verify Fix Applied:

Verify service path now has quotes: sc qc "Disk Sorter Server" | findstr BINARY_PATH_NAME
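
The check above can be run across collected `sc qc` output. This added example is not from the vendor or this advisory's source: it parses a constructed sample, reports whether the binary path is unquoted, and lists the image names Windows would try first, together with the directories that hold them. The function names and the sample output are assumptions; the path is the one shown in the workaround.

```python
import ntpath
import re

# Constructed `sc qc` output; the path is the one used in the workaround above.
SAMPLE_SC_QC = r"""
SERVICE_NAME: Disk Sorter Server
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : C:\Program Files\Disk Sorter Server\bin\disksrs.exe
        SERVICE_START_NAME : LocalSystem
"""

def binary_path(sc_qc_output):
    """Return the BINARY_PATH_NAME value from `sc qc` output, or None."""
    m = re.search(r"^[ \t]*BINARY_PATH_NAME[ \t]*:[ \t]*(.*?)[ \t]*$",
                  sc_qc_output, re.M)
    return m.group(1) if m else None

def ambiguous_candidates(cmdline):
    """Images Windows tries before the intended one for an unquoted path."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        return []  # quoted image path: no ambiguity
    # Separate the image from its arguments at the end of the first ".exe" token.
    m = re.search(r"\.exe(?=\s|$)", cmdline, re.I)
    image = cmdline[:m.end()] if m else cmdline
    # CreateProcess splits an unquoted command line at each space in turn
    # and appends ".exe" to the part before it.
    return [image[:i] + ".exe" for i, ch in enumerate(image) if ch == " "]

def audit(sc_qc_output):
    """Summarise one service: verdict, candidate images, directories to review."""
    path = binary_path(sc_qc_output)
    cands = ambiguous_candidates(path or "")
    return {
        "binary_path": path,
        "unquoted": bool(cands),
        "candidates": cands,
        # Parent directories whose write ACLs and file creation need review.
        "watch_dirs": sorted({ntpath.dirname(c) for c in cands}),
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE_SC_QC).items():
        print(f"{key}: {value}")
```

For the path on this page the directories returned are `C:\` and `C:\Program Files`, so the ACL review and file-creation monitoring should cover write access there as well as the install directory.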

📡 Detection & Monitoring

Log Indicators:

  • Windows Event Logs showing service start failures
  • Unexpected processes running from Disk Sorter Server directories

Network Indicators:

  • Unusual outbound connections from Disk Sorter Server process

SIEM Query:

Process Creation where ImagePath contains 'Disk Sorter Server' and not (ImagePath contains '\"')
