CVE-2024-24722
  • 18 Feb 2024
  • 1 Minute to read
  • PDF

CVE-2024-24722

  • PDF

Article summary

Summary 

Published On19/02/2024
TypePrivilege Escalation / Unquoted Windows Service Path Vulnerability
Affected Products12d Synergy Server, 12d Synergy File Replication Server
Affected VersionsAll Versions
Fix Versions4.3.10.192, 5.1.5.221, 5.1.6.235

Description

This vulnerability occurs when a service path that has spaces in it is not quoted.

Windows attempts to start this service but looks at matching the shortest path first – for example, if the service path is c:\program files (x86)\12d\12d Synergy\12dSynergyServerservice.exe, Windows will attempt to run c:\program.exe first

This may allow lead to an unexpected program running with escalated privileges. Do note that this requires an actor with Local Access to the server to exploit this vulnerability. As a result, there is low likelihood of exploitation but it is our recommendation that administrators use one of the two mitigations provided below.

Impacted Products / Versions

This impacts all prior versions of the 12d Synergy Server and the 12d Synergy File Replication Server, including Enterprise Customers.

This does not include cloud customers, for whom the issue is already resolved.

Mitigation

Upgrade

As this issue is now patched, you can resolve this issue by upgrading your server and any FRS installations to one of the following versions or later.

  • 4.3.10.192
  • 5.1.5.221
  • 5.1.6.235

Temporary Mitigation

You can temporarily resolve this issue by changing the service bin path manually.

To do so, follow these steps:

  1. Run an administrative cmd line on the server
  2. sc config "12dSynergyServer" binPath= "\"Path To Service"\"
     
    For example, to safely quote a v4 server installation, use
    sc config "12dSynergyServer" binPath= "\"C:\Program Files (x86)\12d\12d Synergy\4.0\Server\12dSynergyServerService.exe"\"
  3. Restart the service

 Discovery

Thanks to James Cuneo from BMD Group.


Was this article helpful?