{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/syncplify.me-server-5.0.37/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.8,"id":"CVE-2020-37230"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Syncplify.me Server! 5.0.37"],"_cs_severities":["high"],"_cs_tags":["unquoted-service-path","privilege-escalation","windows"],"_cs_type":"threat","_cs_vendors":["Syncplify"],"content_html":"\u003cp\u003eSyncplify.me Server! version 5.0.37 is vulnerable to an unquoted service path vulnerability, identified as CVE-2020-37230. This flaw resides in the SMWebRestServicev5 service. A local attacker can exploit this vulnerability to escalate privileges on the system. The vulnerability occurs because the service\u0026rsquo;s executable path is not enclosed in quotes, allowing an attacker to insert a malicious executable into a directory within the service path. When the service restarts, or the system reboots, this malicious executable will be executed with LocalSystem privileges, leading to a privilege escalation. This vulnerability allows attackers with local access to gain complete control over the affected system.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains local access to the target system.\u003c/li\u003e\n\u003cli\u003eAttacker identifies the unquoted service path for the SMWebRestServicev5 service.\u003c/li\u003e\n\u003cli\u003eAttacker creates a malicious executable file named after a directory in the service path. For example, if the service path is \u003ccode\u003eC:\\Program Files\\Syncplify.me\\SMWebRestServicev5.exe\u003c/code\u003e, the attacker can create a file at \u003ccode\u003eC:\\Program.exe\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eAttacker places the malicious executable in the directory that corresponds to the first part of the unquoted service path.\u003c/li\u003e\n\u003cli\u003eAttacker waits for the system to reboot or the service to restart.\u003c/li\u003e\n\u003cli\u003eThe operating system attempts to start the SMWebRestServicev5 service, but due to the unquoted path, it executes the malicious executable with LocalSystem privileges.\u003c/li\u003e\n\u003cli\u003eThe malicious executable performs actions with elevated privileges, such as creating new user accounts, installing backdoors, or disabling security controls.\u003c/li\u003e\n\u003cli\u003eAttacker achieves persistent access and control over the system with LocalSystem privileges.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows a local attacker to escalate privileges to LocalSystem. This provides the attacker with complete control over the compromised system. An attacker can install programs, view, change, or delete data, and create new accounts with full user rights. This vulnerability poses a significant risk to organizations using the affected Syncplify.me Server! version, potentially leading to data breaches, system compromise, and financial loss.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply appropriate access controls to prevent unauthorized local access to systems running Syncplify.me Server! 5.0.37.\u003c/li\u003e\n\u003cli\u003eImplement the \u0026ldquo;Unquoted Service Path\u0026rdquo; Sigma rule to detect potential exploitation attempts by monitoring for executable files created in directories within unquoted service paths.\u003c/li\u003e\n\u003cli\u003eManually audit service configurations to identify and remediate any other unquoted service paths in the environment.\u003c/li\u003e\n\u003cli\u003eUpgrade to a patched version of Syncplify.me Server! that addresses the CVE-2020-37230 vulnerability when available.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-16T16:18:07Z","date_published":"2026-05-16T16:18:07Z","id":"https://feed.craftedsignal.io/briefs/2026-05-syncplify-unquoted-service-path/","summary":"Syncplify.me Server! version 5.0.37 contains an unquoted service path vulnerability (CVE-2020-37230) in the SMWebRestServicev5 service, allowing a local attacker to escalate privileges by placing a malicious executable in the service path.","title":"Syncplify.me Server! Unquoted Service Path Vulnerability (CVE-2020-37230)","url":"https://feed.craftedsignal.io/briefs/2026-05-syncplify-unquoted-service-path/"}],"language":"en","title":"CraftedSignal Threat Feed — Syncplify.me Server! 5.0.37","version":"https://jsonfeed.org/version/1.1"}