CVE-2021-47985
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
Brother SAPSprint version 7.60 contains an unquoted service path vulnerability in the SAPSprint service binary that allows local attackers to escalate privileges. Attackers can place a malicious executable in the Program Files directory path to be executed with LocalSystem privileges when the service starts automatically.
Risk Assessment
This vulnerability poses a risk of privilege escalation, which could lead to local attackers gaining control over the system. This may result in serious security implications for the organization.
Recommendation
It is recommended to update Brother SAPSprint to the latest version to mitigate this vulnerability. Additionally, access to the Program Files directory should be restricted and services should be monitored.
Original NVD description (English source)
Brother SAPSprint 7.60 contains an unquoted service path vulnerability in the SAPSprint service binary that allows local attackers to escalate privileges. Attackers can place a malicious executable in the Program Files directory path to be executed with LocalSystem privileges when the service starts automatically.

