CVE-2020-37230
Published: 16 May 2026
Summary
CVE-2020-37230 is a high-severity Unquoted Search Path or Element (CWE-428) vulnerability in Syncplify (inferred from references). Its CVSS base score is 8.5 (High).
Operationally, ranked at the 1.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-31231
Vulnerability details
Syncplify.me Server! 5.0.37 contains an unquoted service path vulnerability in the SMWebRestServicev5 service that allows local attackers to escalate privileges by exploiting the unquoted binary path. Attackers can insert a malicious executable into the service path and execute it with…
more
LocalSystem privileges when the service restarts or the system reboots.
- CWE(s)
Related Threats
CVEs Like This One
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.