Syncplify.me Server! CVE-2020-37230: Local Privilege Escalation

The National Vulnerability Database has detailed CVE-2020-37230, a critical unquoted service path vulnerability affecting Syncplify.me Server! version 5.0.37. This flaw, rated with a CVSS score of 7.8 (HIGH), resides in the SMWebRestServicev5 service.

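The service's executable path contains spaces and is not enclosed in quotes, so Windows resolves it ambiguously and can run a different executable placed earlier along that path. Attackers who can write to such a location can exploit this by inserting a malicious executable into the service path. When the service restarts or the system reboots, this malicious binary will execute with LocalSystem privileges, granting an attacker full control over the compromised system. This is a classic local privilege escalation vector.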

While the National Vulnerability Database did not specify affected products beyond the version, the implications are clear: any organization running Syncplify.me Server! 5.0.37 is exposed to a straightforward privilege escalation that can turn a low-level foothold into complete system compromise.

What This Means For You

  • If your organization uses Syncplify.me Server! 5.0.37, you have a critical local privilege escalation vulnerability. Attackers who gain initial low-level access can immediately use this to take over the system. Patch or upgrade immediately. Audit service configurations for unquoted paths across all your Windows services as a proactive measure.
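One way to run the audit recommended above, as an added example that is not part of the original post or the vendor's tooling: it reads a service inventory exported with `Get-CimInstance Win32_Service | Select-Object Name,PathName,StartName | Export-Csv -NoTypeInformation`, flags unquoted executable paths that contain spaces, and prints the quoted form each path should have. The sample rows are constructed; the Syncplify path is the one used in this page's Sigma rule, and the Vendor entries are hypothetical.

```python
import csv
import io
import re

# Executable path: everything up to the first ".exe" followed by whitespace or end.
_EXE = re.compile(r'^(.*?\.exe)(?=\s|$)(.*)$', re.IGNORECASE)

def classify(path_name):
    """Classify one service PathName; return (status, quoted_fix_or_None)."""
    p = (path_name or "").strip()
    if p.startswith('"'):
        return "quoted", None
    m = _EXE.match(p)
    if not m:
        return "review", None      # drivers (.sys), empty or unusual values
    exe, args = m.groups()
    if " " not in exe:
        return "ok", None          # spaces only in the arguments are not ambiguous
    return "unquoted", f'"{exe}"{args}'

def audit(csv_text):
    """Return one finding per unquoted path in a Name/PathName/StartName CSV."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        status, fix = classify(row["PathName"])
        if status == "unquoted":
            findings.append({"service": row["Name"], "account": row["StartName"],
                             "current": row["PathName"], "fixed": fix})
    return findings

# Constructed sample inventory (assumption: Export-Csv column layout as above).
# Row 1 uses the path from this page's Sigma rule; the Vendor rows are hypothetical.
SAMPLE_CSV = r'''"Name","PathName","StartName"
"SMWebRestServicev5","C:\Program Files\Syncplify.me Server\SMWebRestServicev5.exe","LocalSystem"
"Spooler","C:\Windows\System32\spoolsv.exe","LocalSystem"
"VendorAgent","""C:\Program Files\Vendor\agent.exe"" --service","LocalSystem"
"UpdaterSvc","C:\Program Files\Vendor Tools\updater.exe /svc","NT AUTHORITY\LocalService"
'''

if __name__ == "__main__":
    for f in audit(SAMPLE_CSV):
        print(f"{f['service']} ({f['account']}): {f['current']} -> {f['fixed']}")
```

Entries classified as "review" are not reported by `audit` and should be checked by hand.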

🛡️ Detection Rules

CVE-2020-37230 - Syncplify.me Server Unquoted Service Path Privilege Escalation

Sigma YAML:
title: CVE-2020-37230 - Syncplify.me Server Unquoted Service Path Privilege Escalation
id: scw-2026-05-16-ai-1
status: experimental
level: critical
description: |
  Detects the Syncplify.me Server SMWebRestServicev5 service executable being launched with a command line containing a space, indicating a potential unquoted service path vulnerability (CVE-2020-37230). Attackers can exploit this by placing a malicious executable in a path that is interpreted due to the lack of quotes, leading to privilege escalation.
author: SCW Feed Engine (AI-generated)
date: 2026-05-16
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2020-37230/
tags:
  - attack.privilege_escalation
  # T1574.009 is Hijack Execution Flow: Path Interception by Unquoted Path
  - attack.t1574.009
logsource:
  category: process_creation
  product: windows
detection:
  # Caveat: the image path below itself contains spaces, so this selection
  # matches every start of the legitimate service binary and does not match
  # a different executable that runs in its place.
  selection:
    Image|contains:
      - 'C:\Program Files\Syncplify.me Server\SMWebRestServicev5.exe'
    CommandLine|contains:
      - ' '
  condition: selection
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World · License & reuse

Indicators of Compromise

ID | Type | Indicator
CVE-2020-37230 | Privilege Escalation | Syncplify.me Server! 5.0.37
CVE-2020-37230 | Privilege Escalation | Unquoted Service Path
CVE-2020-37230 | Privilege Escalation | SMWebRestServicev5 service

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: May 16, 2026 at 19:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
