PT-2026-3159 · Totalav · Totalav
Andrea Intilangelo
·
Published
2026-01-15
·
Updated
2026-02-09
·
CVE-2021-47787
CVSS v4.0
8.5
High
| Vector | AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
TotalAV version 5.15.69
Description
TotalAV version 5.15.69 contains an unquoted service path issue in multiple system services running with LocalSystem privileges. An attacker can place malicious executables in specific unquoted path segments, potentially gaining SYSTEM-level access by exploiting the service path configuration.
Recommendations
Ensure service paths are properly quoted to prevent the placement of malicious executables.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Totalav