What is the CVSS score of CVE-2020-37069?

CVE-2020-37069 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Ftp Utility are affected by CVE-2020-37069?

A critical buffer overflow vulnerability in Konica Minolta FTP Utility 1.0 allows attackers to crash servers and potentially execute arbitrary code with a CVSS score of 9.8.

Is there a public PoC exploit available for CVE-2020-37069?

Yes, a public proof-of-concept exploit is available for CVE-2020-37069. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2020-37069?

Within 24 hours: Identify all systems running Konica Minolta FTP Utility 1.0 and isolate them from untrusted networks; restrict FTP access to known, authorized clients only. Within 7 days: Deploy network-level mitigations (WAF rules, IDS/IPS signatures) to detect and block oversized NLST commands; implement input validation at the network perimeter. Within 30 days: Evaluate alternative FTP solutions or contact Konica Minolta for patch availability; plan migration or upgrade strategy; conduct vulnerability scanning across the environment for similar exposures.

Ftp Utility CVE-2020-37069

CRITICAL

Classic Buffer Overflow (CWE-120)

2026-02-03 disclosure@vulncheck.com

Buffer Overflow Denial Of Service Ftp Utility

9.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

9.8 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Feb 25, 2026 - 18:59 vuln.today

Public exploit code

CVE Published

Feb 03, 2026 - 22:16 nvd

CRITICAL 9.8

DescriptionCVE.org

Konica Minolta FTP Utility 1.0 contains a buffer overflow vulnerability in the NLST command that allows attackers to overwrite system registers. Attackers can send an oversized buffer of 1500 'A' characters to crash the FTP server and potentially execute unauthorized code.

AnalysisAI

Konica Minolta FTP Utility 1.0 has a second buffer overflow in the NLST command, providing an additional RCE vector alongside the LIST vulnerability.

Technical ContextAI

CWE-120 buffer overflow in NLST command processing, separate from the LIST overflow (CVE-2020-37068).

RemediationAI

Replace the utility with a secure FTP client.

CVE-2020-37069 vulnerability details – vuln.today

Back

Ftp Utility CVE-2020-37069

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code