Unquoted Service Path Enables LocalSystem Privilege Escalation

Syncplify.me Server versions up to 5.0.37 contain an unquoted service path vulnerability in the SMWebRestServicev5 service that allows local attackers to escalate privileges to LocalSystem level. When a Windows service is defined with an unquoted binary path containing spaces, Windows attempts to execute the first portion of the path as the executable. An attacker with local file system access can place a malicious executable in a directory within the service path, causing Windows to execute their payload with the elevated privileges of the service (in this case, LocalSystem). This vulnerability affects organizations deploying Syncplify.me as a file transfer solution, particularly in environments where local user access exists or where workstations may be compromised by other means.

While this specific CVE lacks direct MITRE ATT&CK technique mappings, Casky's 754 security skills—powered by Claude AI's extended reasoning—would identify the underlying attack patterns associated with Privilege Escalation (T1548) and Service Exploitation. Practitioners using Casky would see detection findings centered on: (1) Windows service configuration analysis flagging unquoted paths with embedded spaces, (2) file system monitoring alerts for executable placement attempts in service directories, and (3) process execution patterns showing child processes spawning with unexpected parent services at elevated privilege levels. The platform's skill set would correlate these indicators with known service-based privilege escalation patterns, enabling security teams to proactively audit their Syncplify.me deployments and remediate by quoting service paths before exploitation occurs.