How to fix CVE-2020-36987?

Within 24 hours: Inventory all systems running PACService.exe and assess network exposure; begin communication with affected business units. Within 7 days: Implement network segmentation to restrict PACService.exe execution context, disable the service where operationally feasible, and deploy endpoint detection and response (EDR) monitoring for suspicious PACService.exe behavior. Within 30 days: Establish a vendor communication plan for patch availability; evaluate alternative solutions or system decommissioning; conduct forensic analysis of all PACService.exe instances for signs of compromise.

CVE-2020-36987

HIGH

2026-01-28 [email protected]

7.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Jan 29, 2026 - 16:31 vuln.today

Public exploit code

CVE Published

Jan 28, 2026 - 13:15 nvd

HIGH 7.8

Description

Program Access Controller 1.2.0.0 contains an unquoted service path vulnerability in PACService.exe that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path during system startup or reboot to inject and run malicious executables with LocalSystem permissions.

Analysis

PACService.exe contains a vulnerability that allows attackers to execute code with elevated privileges (CVSS 7.8).

Technical Context

affects PACService.exe. Program Access Controller 1.2.0.0 contains an unquoted service path vulnerability in PACService.exe that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path during system startup or reboot to inject and run malicious executables with LocalSystem permissions.

Affected Products

Product: PACService.exe.

Remediation

Monitor vendor advisories for a patch.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +39

POC: +20

CVE-2020-36987 vulnerability details – vuln.today

Back

CVE-2020-36987

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2020-36987

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code