{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2020-37160", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-02-03T16:27:45.310Z", "datePublished": "2026-02-06T23:14:10.433Z", "dateUpdated": "2026-02-17T16:56:47.635Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-02-06T23:14:10.433Z" }, "datePublic": "2020-02-13T00:00:00.000Z", "title": "SprintWork 2.3.1 - Local Privilege Escalation", "descriptions": [ { "lang": "en", "value": "SprintWork 2.3.1 contains multiple local privilege escalation vulnerabilities through insecure file, service, and folder permissions on Windows systems. Local unprivileged users can exploit missing executable files and weak service configurations to create a new administrative user and gain complete system access." } ], "problemTypes": [ { "descriptions": [ { "lang": "en", "description": "Incorrect Default Permissions", "cweId": "CWE-276", "type": "CWE" } ] } ], "affected": [ { "vendor": "Veridium", "product": "SprintWork", "versions": [ { "version": "2.3.1", "status": "affected" } ] } ], "metrics": [ { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 8.5, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS" }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS" } ], "references": [ { "url": "https://www.exploit-db.com/exploits/48070", "name": "ExploitDB-48070", "tags": [ "exploit" ] }, { "url": "https://veridium.net", "name": "Vendor Homepage", "tags": [ "product" ] }, { "url": "https://veridium.net/sprintwork/", "name": "Product Information Page", "tags": [ "product" ] }, { "name": "VulnCheck Advisory: SprintWork 2.3.1 - Local Privilege Escalation", "tags": [ "third-party-advisory" ], "url": "https://www.vulncheck.com/advisories/sprintwork-local-privilege-escalation" } ], "credits": [ { "lang": "en", "value": "boku", "type": "finder" } ], "x_generator": { "engine": "vulncheck" } }, "adp": [ { "metrics": [ { "other": { "type": "ssvc", "content": { "timestamp": "2026-02-17T16:56:42.658121Z", "id": "CVE-2020-37160", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "version": "2.0.3" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-17T16:56:47.635Z" } } ] } }