CVE-2024-24722

An unquoted service path vulnerability in the 12d Synergy Server and File Replication Server components may allow an attacker to gain elevated privileges via the 12d Synergy Server and/or 12d Synergy File Replication Server executable service path. This is fixed in 4.3.10.192, 5.1.5.221, and 5.1.6.235.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 31%
VendorProductVersion
12dsynergy12dsynergy
𝑥
< 4.3.10.192
12dsynergy12dsynergy
5.1.1.58 ≤
𝑥
< 5.1.5.221
12dsynergy12dsynergy
5.1.6.210 ≤
𝑥
< 5.1.6.235
12dsynergyfile_replication_server
𝑥
< 4.3.10.192
12dsynergyfile_replication_server
5.1.1.58 ≤
𝑥
< 5.1.5.221
12dsynergyfile_replication_server
5.1.6.210 ≤
𝑥
< 5.1.6.235
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://files.12dsynergy.com/downloads/download.aspx
https://help.12dsynergy.com/v1/docs/cve-2024-24722
https://www.12dsynergy.com/security-statement/
https://files.12dsynergy.com/downloads/download.aspx
https://help.12dsynergy.com/v1/docs/cve-2024-24722
https://www.12dsynergy.com/security-statement/