What is the CVSS score of CVE-2020-37067?

CVE-2020-37067 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Is there a public PoC exploit available for CVE-2020-37067?

Yes, a public proof-of-concept exploit is available for CVE-2020-37067. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2020-37067?

Within 24 hours: Identify all systems running affected software and isolate them from untrusted networks if possible; enable monitoring for FEAT command abuse. Within 7 days: Implement compensating controls including network segmentation, WAF rules to throttle FEAT commands, and disable the FEAT command if operationally feasible. Within 30 days: Establish a vendor contact escalation plan, test and prepare for emergency patching upon availability, and conduct a full risk assessment of exposed assets.

CVE-2020-37067

CRITICAL

Allocation of Resources Without Limits or Throttling (CWE-770)

2026-02-03 disclosure@vulncheck.com

Buffer Overflow Denial Of Service

9.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

9.8 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Feb 04, 2026 - 16:33 vuln.today

Public exploit code

CVE Published

Feb 03, 2026 - 22:16 nvd

CRITICAL 9.8

DescriptionCVE.org

Filetto 1.0 FTP server contains a denial of service vulnerability in the FEAT command processing that allows attackers to crash the service. Attackers can send an oversized FEAT command with 11,008 bytes of repeated characters to trigger a buffer overflow and terminate the FTP service.

AnalysisAI

Filetto 1.0 FTP server has a denial of service vulnerability in FEAT command processing causing uncontrolled resource consumption.

Technical ContextAI

Filetto 1.0 FTP server fails to handle FEAT command processing properly (CWE-770), allowing attackers to exhaust server resources and crash the service.

Affected ProductsAI

Filetto 1.0 FTP server

RemediationAI

Replace with a production-grade FTP server.

CVE-2020-37067 vulnerability details – vuln.today

Back

CVE-2020-37067

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

External POC / Exploit Code