CVE-2020-37069
8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Summary
Konica Minolta FTP Utility 1.0 contains a buffer overflow vulnerability in the NLST command that allows attackers to overwrite system registers. Attackers can send an oversized buffer of 1500 'A' characters to crash the FTP server and potentially execute unauthorized code.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Konica Minolta | FTP Utility | 1.0 | affected |
Weaknesses
- CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: total
References
- https://www.exploit-db.com/exploits/48502
- https://konica-minolta-ftp-utility.software.informer.com/download/
- https://www.konicaminolta.us/
- https://www.vulncheck.com/advisories/konica-minolta-ftp-utility-nlst-denial-of-service
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.