What is the CVSS score of CVE-2020-36987?

CVE-2020-36987 has a CVSS 3.1 base score of 7.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of PACService.exe are affected by CVE-2020-36987?

A high-severity vulnerability in PACService.exe enables attackers to execute arbitrary code with elevated privileges on affected systems.

Is there a public PoC exploit available for CVE-2020-36987?

Yes, a public proof-of-concept exploit is available for CVE-2020-36987. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2020-36987?

Within 24 hours: Inventory all systems running PACService.exe and assess network exposure; begin communication with affected business units. Within 7 days: Implement network segmentation to restrict PACService.exe execution context, disable the service where operationally feasible, and deploy endpoint detection and response (EDR) monitoring for suspicious PACService.exe behavior. Within 30 days: Establish a vendor communication plan for patch availability; evaluate alternative solutions or system decommissioning; conduct forensic analysis of all PACService.exe instances for signs of compromise.

PACService.exe CVE-2020-36987

HIGH

Unquoted Search Path or Element (CWE-428)

2026-01-28 disclosure@vulncheck.com

Code Injection

7.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.8 HIGH

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Jan 29, 2026 - 16:31 vuln.today

Public exploit code

CVE Published

Jan 28, 2026 - 13:15 nvd

HIGH 7.8

DescriptionCVE.org

Program Access Controller 1.2.0.0 contains an unquoted service path vulnerability in PACService.exe that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path during system startup or reboot to inject and run malicious executables with LocalSystem permissions.

AnalysisAI

PACService.exe contains a vulnerability that allows attackers to execute code with elevated privileges (CVSS 7.8).

Technical ContextAI

affects PACService.exe. Program Access Controller 1.2.0.0 contains an unquoted service path vulnerability in PACService.exe that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path during system startup or reboot to inject and run malicious executables with LocalSystem permissions.

Affected ProductsAI

Product: PACService.exe.

RemediationAI

Monitor vendor advisories for a patch.

CVE-2020-36987 vulnerability details – vuln.today

Back

PACService.exe CVE-2020-36987

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

External POC / Exploit Code