Cyber Resilience

CVE-2020-37100

Severity: High · Public PoC

Published: 03 February 2026

Modified: 20 February 2026
KEV Added: not listed
CVSS Score (v4): 8.5 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0019 (8.3th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2020-37100 is a high-severity Unquoted Search Path or Element (CWE-428) vulnerability in Flexense Syncbreeze. Its CVSS base score is 8.5 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Path Interception by Unquoted Path (T1574.009). The CVE is ranked at the 8.3th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-2 (Flaw Remediation).

Deeper analysis

Sync Breeze Enterprise 12.4.18 is affected by CVE-2020-37100, an unquoted service path vulnerability classified under CWE-428. The service's binary path is registered without quotes, which lets a local attacker hijack the service startup process. The vulnerability has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high impact on confidentiality, integrity, and availability.

A local attacker with low privileges can exploit this vulnerability by placing a malicious executable at a file system location that is tried ahead of the legitimate service binary when the unquoted path is resolved at service start. Successful exploitation allows execution of arbitrary code with elevated system privileges, such as SYSTEM level, without user interaction and with low attack complexity.

Advisories and references, including those from VulnCheck at https://www.vulncheck.com/advisories/sync-breeze-enterprise-unquoted-service-path, the vendor site at http://www.syncbreeze.com, and a public exploit at https://www.exploit-db.com/exploits/48045, provide further details on the issue. Practitioners should consult these sources for mitigation guidance, such as updating to a patched version or applying service configuration fixes to quote the binary path.
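As an added example (not code from this page, the vendor, or the linked advisories), the following Python audit reproduces how Windows resolves an unquoted service ImagePath, so a defender can see which candidate files need their parent-directory ACLs reviewed and what the quoted, remediated path looks like. All sample ImagePath values, including the Sync Breeze one, are constructed for illustration.

```python
import ntpath

# Constructed sample ImagePath values (shaped like the registry value under
# HKLM\SYSTEM\CurrentControlSet\Services\<name>); the Sync Breeze path is hypothetical.
SAMPLE_IMAGE_PATHS = {
    "SyncBreezeEnt": r"C:\Program Files\Sync Breeze Enterprise\bin\syncbrs.exe",
    "QuotedSvc": r'"C:\Program Files\Vendor Tool\svc.exe" -service',
    "NoSpaceSvc": r"C:\Windows\System32\svchost.exe -k netsvcs",
    "ArgsSvc": r"C:\Program Files\Other App\agent.exe --port 9000",
}

def _exe_end(tokens):
    # Index of the space-delimited token that completes the real .exe, or None.
    for i in range(len(tokens)):
        if " ".join(tokens[: i + 1]).lower().endswith(".exe"):
            return i
    return None

def interception_candidates(image_path):
    """Paths CreateProcess probes *before* the intended binary.

    With an unquoted path, Windows tries each space-delimited prefix in order
    (adding .exe when the prefix has no extension) and runs the first file that
    exists, so every prefix ahead of the real executable is a hijack point if
    its directory is writable by a low-privileged user. [] means not affected.
    """
    s = image_path.strip()
    if s.startswith('"'):
        return []  # quoted: the binary is delimited unambiguously
    tokens = s.split(" ")
    end = _exe_end(tokens)
    if not end:  # None (no .exe found) or 0 (no space before the binary)
        return []
    out = []
    for i in range(end):
        prefix = " ".join(tokens[: i + 1])
        out.append(prefix if ntpath.splitext(prefix)[1] else prefix + ".exe")
    return out

def quoted_fix(image_path):
    """Same ImagePath with the binary quoted (what `sc config <svc> binPath=` should set)."""
    if not interception_candidates(image_path):
        return image_path
    tokens = image_path.strip().split(" ")
    end = _exe_end(tokens)
    binary, args = " ".join(tokens[: end + 1]), " ".join(tokens[end + 1 :])
    return f'"{binary}"' + (f" {args}" if args else "")

def audit(image_paths):
    """Vulnerable service name -> candidate files whose parent-directory ACLs need review."""
    return {n: c for n, p in image_paths.items() if (c := interception_candidates(p))}
```

On a live host the same logic applies to the PathName values returned by `Get-CimInstance Win32_Service`; the remediation is the quoted path written back with `sc config`, plus confirming that no candidate directory is writable by non-administrators.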


Vulnerability details

Sync Breeze Enterprise 12.4.18 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specific file system locations to hijack the service startup process.

CWE(s)

CWE-428 Unquoted Search Path or Element

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-mapped)

T1574.009 Path Interception by Unquoted Path (tag: Stealth)
Adversaries may execute their own malicious payloads by hijacking vulnerable file path references.

Why these techniques?

Unquoted service path (CWE-428) directly enables path interception by placing a malicious executable earlier in the search order, leading to arbitrary code execution at service startup with SYSTEM privileges.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2021-47809 · Same vendor: Flexense
CVE-2021-47806 · Same vendor: Flexense
CVE-2021-47807 · Same vendor: Flexense
CVE-2020-36930 · Same vendor: Flexense
CVE-2020-36946 · Same product: Flexense Syncbreeze
CVE-2021-47805 · Same vendor: Flexense
CVE-2020-36927 · Same vendor: Flexense
CVE-2025-59893 · Same product: Flexense Syncbreeze
CVE-2025-59891 · Same product: Flexense Syncbreeze
CVE-2025-59894 · Same product: Flexense Syncbreeze

Affected Assets

Vendor: flexense
Product: syncbreeze
Version: 12.4.18

Mitigating Controls (NIST 800-53 r5, AI-mapped)

SI-2 Flaw Remediation (prevent): Directly requires timely identification, reporting, and correction of flaws like unquoted service paths to prevent local privilege escalation.

CM-6 Configuration Settings (prevent): Mandates establishment and enforcement of secure configuration settings, including quoting service binary paths to block hijacking via unquoted paths.

Least privilege (prevent; control ID not given on this page): Enforces least privilege to restrict low-privileged local users from writing malicious executables to file system locations exploited in the unquoted service path vulnerability.
