PT-2026-5849 · Syncbreeze+1 · Syncbreeze Enterprise+1

Boku

Publicado

2026-02-03

Atualizado

2026-02-20

CVE-2020-37100

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Sync Breeze Enterprise version 12.4.18

Description Sync Breeze Enterprise 12.4.18 contains an unquoted service path that could allow local attackers to execute arbitrary code with elevated system privileges. The issue arises from an unquoted binary path, enabling attackers to place malicious executables in specific file system locations and hijack the service startup process.

Recommendations Ensure the service path is properly quoted to prevent the execution of unauthorized code.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-428

Identificadores relacionados

CVE-2020-37100

Produtos afetados

Syncbreeze Enterprise

Syncbreeze

PT-2026-5849 · Syncbreeze+1 · Syncbreeze Enterprise+1

CVE-2020-37100

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6