How to fix CVE-2020-37069?

Within 24 hours: Identify all systems running Konica Minolta FTP Utility 1.0 and isolate them from untrusted networks; restrict FTP access to known, authorized clients only. Within 7 days: Deploy network-level mitigations (WAF rules, IDS/IPS signatures) to detect and block oversized NLST commands; implement input validation at the network perimeter. Within 30 days: Evaluate alternative FTP solutions or contact Konica Minolta for patch availability; plan migration or upgrade strategy; conduct vulnerability scanning across the environment for similar exposures.

Is Ftp Utility affected by CVE-2020-37069?

A critical buffer overflow vulnerability in Konica Minolta FTP Utility 1.0 allows attackers to crash servers and potentially execute arbitrary code with a CVSS score of 9.8.

CVE-2020-37069

CRITICAL

2026-02-03 [email protected]

9.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Feb 25, 2026 - 18:59 vuln.today

Public exploit code

CVE Published

Feb 03, 2026 - 22:16 nvd

CRITICAL 9.8

Description

Konica Minolta FTP Utility 1.0 contains a buffer overflow vulnerability in the NLST command that allows attackers to overwrite system registers. Attackers can send an oversized buffer of 1500 'A' characters to crash the FTP server and potentially execute unauthorized code.

Analysis

Konica Minolta FTP Utility 1.0 has a second buffer overflow in the NLST command, providing an additional RCE vector alongside the LIST vulnerability.

Technical Context

CWE-120 buffer overflow in NLST command processing, separate from the LIST overflow (CVE-2020-37068).

Affected Products

['Konica Minolta FTP Utility 1.0']

Remediation

Replace the utility with a secure FTP client.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +49

POC: +20

CVE-2020-37069 vulnerability details – vuln.today

Back

CVE-2020-37069

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2020-37069

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code