SprintWork 2.3.1 contains multiple local privilege escalation vulnerabilities through insecure file, service, and folder permissions on Windows systems. Local unprivileged users can exploit missing executable files and weak service configurations to create a new administrative user and gain complete system access.
PUBLISHED5.2CWE-276
SprintWork 2.3.1 - Local Privilege Escalation
Problem type
Affected products
Veridium
SprintWork
2.3.1 - AFFECTED
References
ExploitDB-48070
https://www.exploit-db.com/exploits/48070
Vendor Homepage
https://veridium.net
Product Information Page
https://veridium.net/sprintwork/
VulnCheck Advisory: SprintWork 2.3.1 - Local Privilege Escalation
https://www.vulncheck.com/advisories/sprintwork-local-privilege-escalation
GitHub Security Advisories
GHSA-788g-f8cx-72jv
SprintWork 2.3.1 contains multiple local privilege escalation vulnerabilities through insecure...
https://github.com/advisories/GHSA-788g-f8cx-72jvSprintWork 2.3.1 contains multiple local privilege escalation vulnerabilities through insecure file, service, and folder permissions on Windows systems. Local unprivileged users can exploit missing executable files and weak service configurations to create a new administrative user and gain complete system access.
nvd.nist.gov
https://nvd.nist.gov/vuln/detail/CVE-2020-37160
veridium.net
https://veridium.net
veridium.net
https://veridium.net/sprintwork
exploit-db.com
https://www.exploit-db.com/exploits/48070
vulncheck.com
https://www.vulncheck.com/advisories/sprintwork-local-privilege-escalation
github.com
https://github.com/advisories/GHSA-788g-f8cx-72jv
JSON source
https://cveawg.mitre.org/api/cve/CVE-2020-37160Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2020-37160",
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"dateUpdated": "2026-02-06T23:14:10.433Z",
"dateReserved": "2026-02-03T16:27:45.310Z",
"datePublished": "2026-02-06T23:14:10.433Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck",
"dateUpdated": "2026-02-06T23:14:10.433Z"
},
"datePublic": "2020-02-13T00:00:00.000Z",
"title": "SprintWork 2.3.1 - Local Privilege Escalation",
"descriptions": [
{
"lang": "en",
"value": "SprintWork 2.3.1 contains multiple local privilege escalation vulnerabilities through insecure file, service, and folder permissions on Windows systems. Local unprivileged users can exploit missing executable files and weak service configurations to create a new administrative user and gain complete system access."
}
],
"affected": [
{
"vendor": "Veridium",
"product": "SprintWork",
"versions": [
{
"version": "2.3.1",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "Incorrect Default Permissions",
"cweId": "CWE-276",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://www.exploit-db.com/exploits/48070",
"name": "ExploitDB-48070",
"tags": [
"exploit"
]
},
{
"url": "https://veridium.net",
"name": "Vendor Homepage",
"tags": [
"product"
]
},
{
"url": "https://veridium.net/sprintwork/",
"name": "Product Information Page",
"tags": [
"product"
]
},
{
"url": "https://www.vulncheck.com/advisories/sprintwork-local-privilege-escalation",
"name": "VulnCheck Advisory: SprintWork 2.3.1 - Local Privilege Escalation",
"tags": [
"third-party-advisory"
]
}
],
"metrics": [
{
"format": "CVSS"
},
{
"format": "CVSS",
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
}
}
],
"credits": [
{
"lang": "en",
"value": "boku",
"type": "finder"
}
]
}
}
}