CVE-2024-24722: An unquoted service path vulnerability in the 12d Synergy Server and File Replication Server components may allow an attacker to gain elevated...

9.1 CVSS

Description

An unquoted service path vulnerability in the 12d Synergy Server and File Replication Server components may allow an attacker to gain elevated privileges via the 12d Synergy Server and/or 12d Synergy File Replication Server executable service path. This is fixed in 4.3.10.192, 5.1.5.221, and 5.1.6.235.

Classification

CVE ID: CVE-2024-24722

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.1

Affected Products

Vendor: n/a

Product: n/a

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.12% (probability of being exploited)

EPSS Percentile: 32.1% (scored less or equal to compared to others)

EPSS Date: 2025-04-18 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: total

SSVC Automatable: true

References

https://nvd.nist.gov/vuln/detail/CVE-2024-24722
https://www.12dsynergy.com/security-statement/
https://files.12dsynergy.com/downloads/download.aspx
https://help.12dsynergy.com/v1/docs/cve-2024-24722

Timeline

2025-03-25 16:40:22 UTC
CVE

An unquoted service path vulnerability in the 12d Synergy Server and File Replication Server components may allow an attacker to gain elevated...