CVE-2020-37100
Unquoted Service Path in Sync Breeze Enterprise Enables Privilege Escalation
Publication date: 2026-02-03
Last updated on: 2026-02-20
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| flexense | syncbreeze | 12.4.18 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2020-37100 is an unquoted service path vulnerability found in Sync Breeze Enterprise version 12.4.18. This vulnerability occurs because the service executable path is not enclosed in quotes, which allows local attackers to place malicious executables in specific file system locations.
When the service starts, the system may mistakenly execute the malicious executable instead of the intended service binary, leading to arbitrary code execution with elevated system privileges.
How can this vulnerability impact me? :
This vulnerability allows a local attacker to escalate their privileges by executing arbitrary code with elevated system privileges.
Because the service runs with the LocalSystem account and is set to auto-start, exploitation can lead to full control over the affected system, potentially compromising confidentiality, integrity, and availability.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by checking for unquoted service paths in the Sync Breeze Enterprise service configuration. Specifically, the service executable path is not enclosed in quotes, which can be identified using Windows command-line tools.'}, {'type': 'list_item', 'content': 'Use the Windows Management Instrumentation Command-line (WMIC) to query the service executable path, for example: wmic service where "name=\'Sync Breeze Enterprise\'" get PathName'}, {'type': 'list_item', 'content': 'Use the Service Control (sc) command to query the service configuration: sc qc "Sync Breeze Enterprise"'}, {'type': 'paragraph', 'content': 'If the executable path returned by these commands is unquoted and contains spaces, it indicates the presence of the unquoted service path vulnerability.'}] [2]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately ensure that the service executable path is properly quoted in the service configuration to prevent execution of malicious binaries placed in the file system.
Additionally, restrict local user permissions to prevent unauthorized users from placing executables in directories that are part of the unquoted service path.
If possible, update or patch Sync Breeze Enterprise to a version where this vulnerability is fixed.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.