CVE-2024-4461

EUVD-2024-44077
Unquoted path or search item vulnerability in SugarSync versions prior to 4.1.3 for Windows. This misconfiguration could allow an unauthorized local user to inject arbitrary code into the unquoted service path, resulting in privilege escalation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 7%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
sugarsyncsugarsync
𝑥
< 4.1.3
ADP
Common Weakness Enumeration
References
https://www.incibe.es/en/incibe-cert/notices/aviso/unquoted-path-or-search-item-vulnerability-sugarsync
https://www.incibe.es/en/incibe-cert/notices/aviso/unquoted-path-or-search-item-vulnerability-sugarsync