CVE-2020-37247
Published: 16 May 2026
Summary
CVE-2020-37247 is a high-severity Unquoted Search Path or Element (CWE-428) vulnerability in Kite (inferred from references). Its CVSS base score is 8.5 (High).
Operationally, ranked at the 1.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-31248
Vulnerability details
Kite 4.2.0.1 U1 contains an unquoted service path vulnerability in the KiteService Windows service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can place a malicious executable in the Program Files directory to be…
more
executed with LocalSystem privileges when the service starts.
- CWE(s)
Related Threats
CVEs Like This One
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.