CVE-2024-24722

9.1 CRITICAL

📋 TL;DR

An unquoted service path (CWE-428) in 12d Synergy Server and 12d Synergy File Replication Server lets an attacker who already has local access plant an executable at one of the paths Windows tries before the real service binary; the Service Control Manager then runs the planted file with the service's privileges, SYSTEM in a default install. Organizations running vulnerable versions of either component are affected, and a successful attacker gains SYSTEM-level access on the server.

💻 Affected Systems

Products:
  • 12d Synergy Server
  • 12d Synergy File Replication Server
Versions: All versions before 4.3.10.192, 5.1.5.221, and 5.1.6.235
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: The unquoted path is present in default installations, where both services run with elevated (SYSTEM) privileges. Turning it into code execution additionally requires write access to a location Windows searches before the real binary (such as C:\ for C:\Program.exe), which standard users do not have by default, so the practical risk rises with loosened ACLs or with an attacker who already holds a privileged local foothold.

📦 What is this software?

12d Synergy, from 12d Solutions, is a data management and collaboration platform used by engineering and surveying firms to store, version and share project data. The Server component hosts the central data store and the File Replication Server mirrors files to remote sites; both are installed as Windows services, which is why a planted executable on the service path runs with service privileges.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker gains SYSTEM privileges, enabling complete compromise of the server, data theft, ransomware deployment, and lateral movement across the network.

🟠

Likely Case

Local attacker escalates privileges to SYSTEM, installs persistence mechanisms, and accesses sensitive engineering data stored in 12d Synergy.

🟢

If Mitigated

With proper access controls and monitoring, impact is limited to an isolated server compromise that requires physical or credentialed access.

🌐 Internet-Facing: LOW - Requires local access to the server; not directly exploitable over the internet.
🏢 Internal Only: HIGH - Any user with local access to a vulnerable server, and write access to a directory on the unquoted path, can gain SYSTEM privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access to the server and write access to one of the locations Windows searches before the real binary. The technique is well understood and trivially weaponized: drop an executable at that location, then wait for the next reboot or service restart (or trigger one), and the Service Control Manager runs it as the service account.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.3.10.192, 5.1.5.221, or 5.1.6.235

Vendor Advisory: https://help.12dsynergy.com/v1/docs/cve-2024-24722

Restart Required: Yes

Instructions:

1. Download the patched version from the 12d Synergy website.
2. Back up configuration and data.
3. Stop the 12d Synergy services.
4. Install the updated version.
5. Restart the services.
6. Verify functionality.

🔧 Temporary Workarounds

Apply quotes to service paths

windows

Quote the executable in each service's ImagePath. Read the current value first (sc.exe qc "<service name>", or the ImagePath value under the service's registry key) and wrap exactly that path in double quotes; the service names and install paths below are illustrative and must be replaced with the values found on your host. Run from an elevated prompt (in PowerShell call sc.exe explicitly, because sc is an alias for Set-Content), then restart the services.

sc.exe config "12d Synergy Server" binPath= "\"C:\Program Files\12d\Synergy Server\12dSynergyServer.exe\""
sc.exe config "12d Synergy File Replication Server" binPath= "\"C:\Program Files\12d\Synergy Server\12dSynergyFRS.exe\""

Restrict write permissions

windows

The planted file must land in a directory that Windows searches before the real binary: for an install under C:\Program Files that is C:\ (for C:\Program.exe) and the directories between it and the executable. A default Windows install does not let standard users create files in C:\ or C:\Program Files, so confirm those ACLs have not been loosened and that the 12d tree itself is not writable by non-administrators. The command below (install path assumed) resets the tree so that only Administrators and SYSTEM may write, while Users keep read and execute, which the service account and any local client still need:

icacls "C:\Program Files\12d" /inheritance:r /grant:r "Administrators:(OI)(CI)F" /grant:r "SYSTEM:(OI)(CI)F" /grant:r "Users:(OI)(CI)RX"

🧯 If You Can't Patch

  • Restrict local (interactive and RDP) access to the servers to trusted administrators
  • Apply the workarounds above: quote the service paths and confirm that no directory on the path is writable by non-administrators
  • Use application control (AppLocker or Windows Defender Application Control) so that an executable dropped at a truncation path is not allowed to run

🔍 How to Verify

Check if Vulnerable:

Inspect the ImagePath value of each 12d service under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\<service key name> (the key is the service's short name and may differ from the display name; to survey every service at once, Get-CimInstance Win32_Service in PowerShell lists Name and PathName). A path is vulnerable when the executable portion contains a space and is not wrapped in double quotes; spaces that appear only in arguments after the .exe do not count.

Check Version:

Check version in 12d Synergy Server administration interface or program files version properties

Verify Fix Applied:

Confirm that the ImagePath values are quoted (after upgrading, that the installer wrote quoted paths) and that the installed version is 4.3.10.192, 5.1.5.221 or 5.1.6.235 or later.

📡 Detection & Monitoring

Log Indicators:

  • A service start by services.exe whose image path is a truncation of the real path (for example C:\Program.exe) rather than the 12d binary
  • Creation of executables at those truncation paths or inside the 12d program directories, especially by non-administrative accounts
  • Unexpected stops, crashes or restarts of the 12d services (System log events 7034 and 7036)

Network Indicators:

  • Unusual outbound connections from 12d Synergy servers
  • Lateral movement attempts from 12d servers

SIEM Query:

Build the candidate list from the truncation points of each unquoted ImagePath (one entry per space in the executable path, with .exe appended); the paths below assume an install under C:\Program Files\12d\Synergy Server\. This needs process creation auditing (Security event 4688) but not command-line logging.

EventID=4688 AND ParentProcessName="C:\Windows\System32\services.exe" AND NewProcessName IN ("C:\Program.exe", "C:\Program Files\12d\Synergy.exe")
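To make the quoting workaround, the registry check and the SIEM query above concrete, here is an added Python example; it is not 12d Solutions code and does not come from the vendor advisory. It implements the CreateProcess rule that makes an unquoted path dangerous: at each space the prefix is tried as the program name, with .exe appended when it has no extension. From an ImagePath it reports whether the path is vulnerable, lists the hijack candidates to ACL-check and alert on, produces the quoted value to write back, and runs the detection over a few constructed Security 4688 and Sysmon 11 records. The install path C:\Program Files\12d\Synergy Server\12dSynergyServer.exe and the log records are assumptions for the demonstration; on a real host feed it the PathName values from Get-CimInstance Win32_Service.

```python
"""Audit, fix and detection helpers for an unquoted service path (CWE-428).

Added example for this advisory, not code from 12d Solutions. The service
image path and the log records below are constructed assumptions used to
exercise the logic; substitute the ImagePath values from your own hosts.
"""
import ntpath


def _has_extension(prefix):
    # CreateProcess appends ".exe" to a candidate only when the final path
    # component carries no extension at all.
    return "." in ntpath.basename(prefix)


def _executable_prefix(path):
    """Return the executable portion of an unquoted ImagePath: the shortest
    space-delimited prefix whose last component ends in .exe. Anything after
    it is service arguments. Falls back to the whole string."""
    tokens = path.split(" ")
    for i in range(1, len(tokens) + 1):
        prefix = " ".join(tokens[:i])
        if ntpath.basename(prefix).lower().endswith(".exe"):
            return prefix
    return path


def is_unquoted_with_spaces(image_path):
    """The vulnerable condition: no leading quote and a space inside the
    executable path itself (spaces that only occur in arguments, as in
    svchost.exe -k netsvcs, are harmless)."""
    path = image_path.strip()
    if not path or path.startswith('"'):
        return False
    return " " in _executable_prefix(path)


def hijack_candidates(image_path):
    """Files CreateProcess would try before the real binary. At every space
    the prefix is treated as the program name, with .exe appended when it
    has no extension; a planted file at any of these runs as the service
    account. These are the paths to ACL-check and to alert on."""
    if not is_unquoted_with_spaces(image_path):
        return []
    tokens = _executable_prefix(image_path.strip()).split(" ")
    candidates = []
    for i in range(1, len(tokens)):  # every prefix short of the real exe
        prefix = " ".join(tokens[:i])
        candidates.append(prefix if _has_extension(prefix) else prefix + ".exe")
    return candidates


def quoted_image_path(image_path):
    """The remediated ImagePath value: executable wrapped in double quotes,
    arguments untouched, already-safe values returned unchanged."""
    path = image_path.strip()
    if not is_unquoted_with_spaces(path):
        return path
    exe = _executable_prefix(path)
    return '"' + exe + '"' + path[len(exe):]


def suspicious_events(events, candidates):
    """Match Security 4688 process starts of a candidate path whose parent is
    the Service Control Manager, and Sysmon event 11 file creations at a
    candidate path (the planting step, which precedes the hijack)."""
    wanted = {c.lower() for c in candidates}
    hits = []
    for ev in events:
        if ev.get("EventID") == 4688:
            launched = ev.get("NewProcessName", "").lower()
            parent = ev.get("ParentProcessName", "").lower()
            if launched in wanted and parent.endswith("\\services.exe"):
                hits.append(("service_hijack_launch", ev["NewProcessName"]))
        elif ev.get("Provider") == "Sysmon" and ev.get("EventID") == 11:
            if ev.get("TargetFilename", "").lower() in wanted:
                hits.append(("planted_binary_written", ev["TargetFilename"]))
    return hits


# Constructed sample input (assumed install path; not taken from a real host).
SAMPLE_IMAGE_PATH = r"C:\Program Files\12d\Synergy Server\12dSynergyServer.exe"
SAMPLE_EVENTS = [
    # legitimate start of the real binary by the SCM
    {"EventID": 4688, "NewProcessName": SAMPLE_IMAGE_PATH,
     "ParentProcessName": r"C:\Windows\System32\services.exe"},
    # the SCM ran a truncation candidate instead: hijack in progress
    {"EventID": 4688, "NewProcessName": r"C:\Program Files\12d\Synergy.exe",
     "ParentProcessName": r"C:\Windows\System32\services.exe"},
    # same file name, but started by a user shell: not this technique
    {"EventID": 4688, "NewProcessName": r"C:\Program.exe",
     "ParentProcessName": r"C:\Windows\explorer.exe"},
    # a file dropped at a candidate path, seen by Sysmon before any restart
    {"Provider": "Sysmon", "EventID": 11, "TargetFilename": r"C:\Program.exe",
     "Image": r"C:\Users\alice\Desktop\drop.exe"},
]

if __name__ == "__main__":
    print("vulnerable:", is_unquoted_with_spaces(SAMPLE_IMAGE_PATH))
    for path in hijack_candidates(SAMPLE_IMAGE_PATH):
        print("watch:", path)
    print("fixed ImagePath:", quoted_image_path(SAMPLE_IMAGE_PATH))
    for kind, path in suspicious_events(SAMPLE_EVENTS, hijack_candidates(SAMPLE_IMAGE_PATH)):
        print(kind, path)
```

Two details matter in practice. An unquoted path whose only spaces sit in the arguments (C:\Windows\system32\svchost.exe -k netsvcs) is not exploitable, and a naive "contains a space and no quote" audit reports it anyway; is_unquoted_with_spaces looks only at the executable portion. And the candidate list is what to put in the ACL check and the SIEM query, not the install directory: for the assumed path it is C:\Program.exe and C:\Program Files\12d\Synergy.exe, so C:\ and C:\Program Files\12d are the directories whose write permissions decide exploitability.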
