Cyber Posture

CVE-2020-37100

High · Public PoC

Published: 03 February 2026

Modified: 20 February 2026
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0002 (4.9th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2020-37100 is a high-severity Unquoted Search Path or Element (CWE-428) vulnerability in Flexense Syncbreeze. Its CVSS base score is 7.8 (High).

Operationally, it ranks at the 4.9th percentile for exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

prevent

Directly requires timely identification, reporting, and correction of flaws like unquoted service paths to prevent local privilege escalation.

prevent

Mandates establishment and enforcement of secure configuration settings, including quoting service binary paths to block hijacking via unquoted paths.

prevent

Enforces least privilege to restrict low-privileged local users from writing malicious executables to file system locations exploited in the unquoted service path vulnerability.

NVD Description

Sync Breeze Enterprise 12.4.18 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specific file system locations to hijack the service startup process.

Deeper analysis [AI]

Sync Breeze Enterprise 12.4.18 is affected by CVE-2020-37100, an unquoted service path vulnerability classified under CWE-428. This flaw occurs in the service binary path, enabling local attackers to hijack the service startup process. The vulnerability has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high impact on confidentiality, integrity, and availability.

Local attackers with low privileges can exploit this vulnerability by placing malicious executables in specific file system locations that precede the legitimate service binary in the system's PATH search order. Successful exploitation allows execution of arbitrary code with elevated system privileges, such as SYSTEM level, without requiring user interaction or high complexity.

Advisories and references, including those from VulnCheck at https://www.vulncheck.com/advisories/sync-breeze-enterprise-unquoted-service-path, the vendor site at http://www.syncbreeze.com, and a public exploit at https://www.exploit-db.com/exploits/48045, provide further details on the issue. Practitioners should consult these sources for mitigation guidance, such as updating to a patched version or applying service configuration fixes to quote the binary path.
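To check a host inventory for this class of misconfiguration (CM-6) and produce the quoted value to apply, the following added example audits service ImagePath strings. It is not code from the advisory or the vendor; the service names and paths are constructed placeholders, and the input is assumed to be exported from `sc qc` output or the services registry key.

```python
import re

# Shortest leading run that ends in an executable extension followed by
# whitespace or end of string; the remainder is treated as arguments.
_EXE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd))(?=\s|$)(.*)$", re.IGNORECASE)


def audit_image_path(image_path):
    """Return (flagged, suggested_value) for one service ImagePath string."""
    value = image_path.strip()
    if value.startswith('"'):
        return False, value      # already quoted
    match = _EXE.match(value)
    if match is None:
        return False, value      # no recognisable executable (e.g. a .sys driver)
    exe, args = match.groups()
    if not any(ch.isspace() for ch in exe):
        return False, value      # no space in the path, so parsing is unambiguous
    # CWE-428 condition: unquoted executable path that contains whitespace.
    return True, f'"{exe}"{args}'


def audit_services(inventory):
    """Map each flagged service name to the quoted ImagePath it should have."""
    findings = {}
    for name, image_path in inventory.items():
        flagged, fixed = audit_image_path(image_path)
        if flagged:
            findings[name] = fixed
    return findings


# Constructed sample inventory (hypothetical service names and paths).
SAMPLE = {
    "ExampleSyncSvc": r"C:\Program Files\Example Vendor\Example App\bin\svc.exe",
    "ExampleArgsSvc": r"C:\Program Files\Example App\agent.exe --service -p 9000",
    "QuotedSvc": r'"C:\Program Files\Example App\agent.exe" --service',
    "NoSpaceSvc": r"C:\Windows\System32\svchost.exe -k netsvcs",
    "DriverSvc": r"\SystemRoot\System32\drivers\example.sys",
}

if __name__ == "__main__":
    for name, fixed in audit_services(SAMPLE).items():
        print(f"{name}: unquoted path with spaces; set ImagePath to {fixed}")
```

Only the two unquoted entries whose executable path contains a space are reported; quoted paths, space-free paths and driver paths pass.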

Details

CWE(s)

Affected Products

flexense
syncbreeze
12.4.18

CVEs Like This One

CVE-2020-36946 · Same product: Flexense Syncbreeze
CVE-2021-47809 · Same vendor: Flexense
CVE-2025-59893 · Same product: Flexense Syncbreeze
CVE-2021-47807 · Same vendor: Flexense
CVE-2020-36930 · Same vendor: Flexense
CVE-2025-59891 · Same product: Flexense Syncbreeze
CVE-2021-47806 · Same vendor: Flexense
CVE-2025-59894 · Same product: Flexense Syncbreeze
CVE-2025-59895 · Same product: Flexense Syncbreeze
CVE-2025-59892 · Same product: Flexense Syncbreeze

References