CVE-2020-37230

HIGH CVSS 7.8 View on NVD ↗

Description

Syncplify.me Server! 5.0.37 contains an unquoted service path vulnerability in the SMWebRestServicev5 service that allows local attackers to escalate privileges by exploiting the unquoted binary path. Attackers can insert a malicious executable into the service path and execute it with LocalSystem privileges when the service restarts or the system reboots.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

https://download.syncplify.me/SMServer_Setup.exe
https://www.exploit-db.com/exploits/49009
https://www.syncplify.me/
https://www.vulncheck.com/advisories/syncplify-me-server-unquoted-service-path-privilege-escalation

Published: May 16, 2026 16:16 UTC Modified: May 16, 2026 16:16 UTC