CVE-2020-37100

Exploit

EPSS 0.01%
Veröffentlicht 03.02.2026 15:16:10
Zuletzt bearbeitet 20.02.2026 16:38:24
Quelle disclosure@vulncheck.com
CVE-Watchlists
Login
Unerledigt
Login

Sync Breeze Enterprise 12.4.18 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specific file system locations to hijack the service startup process.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Flexense ≫ Syncbreeze Version12.4.18 SwEditionenterprise

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.023

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
disclosure@vulncheck.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
disclosure@vulncheck.com	8.5	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-428 Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

http://www.syncbreeze.com

Product

https://www.exploit-db.com/exploits/48045

Third Party Advisory

Exploit

VDB Entry

https://www.vulncheck.com/advisories/sync-breeze-enterprise-unquoted-service-path

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-37100

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-37100

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-37100

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-37100