CVE-2020-18077

CVSS score: 7.5 (HIGH)

📋 TL;DR

A buffer overflow in FTPShell Server v6.83 lets an attacker crash the service with specially crafted requests to its Virtual Path Mapping component. The published description covers denial of service only: anyone running the vulnerable build is exposed to a remote, unauthenticated crash that halts file transfers until the service is restarted, and the crash can be repeated as soon as it is back.

💻 Affected Systems

Products:
  • FTPShell Server
Versions: 6.83 (the only version named in the CVE)
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only the server product is affected; the FTPShell client is a separate product and is not covered by this CVE.

⚠️ Risk & Real-World Impact

🔴 Worst Case: an attacker who can reach the FTP control port crashes FTPShell Server at will and repeats the crash every time the service comes back, so file transfers stay down until the source is blocked or the server is taken offline.

🟠 Likely Case: a single crash that stops the service until it is restarted manually, causing a temporary disruption to file transfers.

🟢 If Mitigated: no impact once access is restricted to trusted networks (or a fixed version is installed, should the vendor publish one); the service remains stable.

🌐 Internet-Facing: HIGH - FTPShell servers exposed to the internet are directly vulnerable to remote DoS attacks.
🏢 Internal Only: MEDIUM - Internal attackers could still cause service disruption, but external threat surface is eliminated.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept demonstrates simple DoS via buffer overflow; no authentication required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown - no official patch identified

Vendor Advisory: No vendor advisory found

Restart Required: Not applicable (no patch); a service restart is only needed to recover from a crash

Instructions:

No official patch is known for 6.83. If the vendor publishes a later release, upgrade to it and re-check the installed version; otherwise rely on the workarounds below, chiefly restricting who can reach the server, since the crash needs no credentials.

🔧 Temporary Workarounds

Network Segmentation (platform: all)

Restrict access to FTPShell Server to trusted networks only. Configure firewall rules so that only specific IP ranges can reach the FTP control port and any passive data-port range the server uses; because the overflow needs no authentication, reachability is the whole attack surface.
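The scoping described above, as an added example written for this page (it is not vendor tooling). Windows Defender Firewall evaluates explicit Block rules before Allow rules, so the working pattern is a Block default plus one Allow rule limited by -RemoteAddress, not an allow-then-block pair. The trusted ranges, the control port, the passive port range and the rule names are assumptions; replace them with your own.

```powershell
# Added example: limit inbound access to FTPShell Server's ports to trusted source ranges.
# Assumptions (not from the page): trusted ranges, passive data-port range, rule names.
$TrustedRanges  = @('10.0.0.0/8', '192.168.10.0/24')   # assumed management/partner networks
$FtpControlPort = 21                                    # change if the server listens elsewhere
$PassiveRange   = '50000-50100'                         # assumed passive data-port range set in FTPShell

# 1. Unmatched inbound traffic must fall through to Block on every profile; otherwise a
#    scoped Allow rule adds nothing.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultInboundAction Block

# 2. Remove any existing Allow rule for the control port that is open to 'Any' remote
#    address, since it would keep the port reachable regardless of the rule added below.
Get-NetFirewallPortFilter |
    Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -eq "$FtpControlPort" } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' } |
    ForEach-Object {
        $remote = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
        if ($remote -eq 'Any') {
            Write-Warning "Removing unscoped allow rule: $($_.DisplayName)"
            Remove-NetFirewallRule -Name $_.Name
        }
    }

# 3. Allow the control port and the passive data range only from the trusted ranges.
New-NetFirewallRule -DisplayName 'FTPShell control (trusted only)' -Direction Inbound `
    -Protocol TCP -LocalPort $FtpControlPort -RemoteAddress $TrustedRanges -Action Allow -Profile Any
New-NetFirewallRule -DisplayName 'FTPShell passive data (trusted only)' -Direction Inbound `
    -Protocol TCP -LocalPort $PassiveRange -RemoteAddress $TrustedRanges -Action Allow -Profile Any

# 4. Review what is now in force for the FTPShell rules.
Get-NetFirewallRule -DisplayName 'FTPShell*' | ForEach-Object {
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Action        = $_.Action
        RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ','
        LocalPort     = ($_ | Get-NetFirewallPortFilter).LocalPort -join ','
    }
} | Format-Table -AutoSize
```

Run it in an elevated PowerShell session on the server. If the passive range in FTPShell is not known, check the server's configuration first; leaving the data range open to Any undoes the point of scoping the control port, and an upstream network firewall should mirror these rules so the host firewall is not the only control.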

Service Monitoring and Restart (platform: Windows)

Implement automated monitoring and restart for the FTPShell service. This restores availability after a crash but does not prevent the next one: an attacker can trigger the overflow again as soon as the service is back, so treat repeated restarts as a sign of active attack rather than instability. The service name used below is the one given on this page; confirm the actual name with sc query type= service state= all before relying on it.

sc query FTPShell
net start FTPShell
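A watchdog implementing the restart workaround, added here as an example and not taken from FTPShell or its vendor. It finds the service by wildcard because the name 'FTPShell' on this page is unverified, and it stops restarting after a configurable number of crashes per hour so that it does not hand an attacker a fresh target every interval; the pattern, interval and cap are assumptions.

```powershell
# Added example: restart the FTPShell service when it is found stopped, with a crash-loop cap.
# Assumptions (not from the page): service-name pattern, polling interval, restart cap.
param(
    [string]$ServicePattern  = '*FTPShell*',  # assumed: matches the service or display name
    [int]$IntervalSeconds    = 30,
    [int]$MaxRestartsPerHour = 6
)

function Find-FtpShellService {
    param([string]$Pattern)
    Get-Service |
        Where-Object { $_.Name -like $Pattern -or $_.DisplayName -like $Pattern } |
        Select-Object -First 1
}

$service = Find-FtpShellService -Pattern $ServicePattern
if (-not $service) {
    throw "No service matching '$ServicePattern'; list candidates with: sc query type= service state= all"
}

$restartTimes = @()   # timestamps of restarts we performed, pruned to the last hour

while ($true) {
    $service.Refresh()
    if ($service.Status -eq 'Stopped') {
        $cutoff = (Get-Date).AddHours(-1)
        $restartTimes = @($restartTimes | Where-Object { $_ -ge $cutoff })

        if ($restartTimes.Count -ge $MaxRestartsPerHour) {
            # A crash loop means the flaw is being hit deliberately. Leave the service down,
            # alert, and block the source at the firewall instead of restarting yet again.
            Write-Warning "$($service.Name) stopped $($restartTimes.Count) times in the last hour; not restarting, escalate"
            break
        }

        Write-Warning "$(Get-Date -Format s): $($service.Name) is stopped, restarting"
        Start-Service -Name $service.Name
        $restartTimes += Get-Date
    }
    Start-Sleep -Seconds $IntervalSeconds
}
```

Windows' built-in service recovery (sc failure <name> reset= 3600 actions= restart/5000) performs the same first step without a script, but it has no crash-loop cap, which is the part that matters when the crashes are attacker-driven.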

🧯 If You Can't Patch

  • Replace FTPShell Server with a maintained FTP or SFTP server
  • Enforce strict network access controls (trusted source ranges only) and alert on service crash events, treating repeated crashes as an active attack rather than instability

🔍 How to Verify

Check if Vulnerable:

Check the FTPShell Server version in the application interface or in the registry. The key quoted on this page is HKEY_LOCAL_MACHINE\SOFTWARE\FTPShell\Server\Version; it has not been confirmed against the vendor's installer, and on 64-bit Windows a 32-bit server keeps its key under HKLM\SOFTWARE\WOW6432Node instead. The Uninstall keys (DisplayVersion) and the file version of the server executable are the fallbacks.

Check Version:

reg query "HKLM\SOFTWARE\FTPShell\Server" /v Version

Verify Fix Applied:

Verify the installed version is not 6.83. If you test with a public exploit payload, do so only against a non-production instance: a successful test crashes the service.
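The version check above, as an added example that is not part of the page or the vendor's documentation. It tries the registry path quoted on this page in both the native and WOW6432Node locations, then the Uninstall keys, then the file version of the server executable; the registry paths, the product name pattern and the executable name pattern are assumptions.

```powershell
# Added example: determine whether the installed FTPShell Server is the 6.83 build
# named in CVE-2020-18077. Assumptions (not from the page): the WOW6432Node variant of the
# registry key, the '*FTPShell*Server*' display name and the 'ftpshell*.exe' file name.
$VulnerableVersion = '6.83'

$RegistryPaths = @(
    'HKLM:\SOFTWARE\FTPShell\Server',               # path as quoted on this page
    'HKLM:\SOFTWARE\WOW6432Node\FTPShell\Server'    # 32-bit software on 64-bit Windows
)
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-FtpShellVersion {
    # 1. Vendor key (unverified path, so a miss here is not conclusive).
    foreach ($path in $RegistryPaths) {
        $item = Get-ItemProperty -Path $path -Name Version -ErrorAction SilentlyContinue
        if ($item -and $item.Version) {
            return [pscustomobject]@{ Source = $path; Version = [string]$item.Version }
        }
    }
    # 2. Add/Remove Programs entries carry a DisplayVersion for most installers.
    $app = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*FTPShell*Server*' } |
        Select-Object -First 1
    if ($app) {
        return [pscustomobject]@{ Source = $app.PSPath; Version = [string]$app.DisplayVersion }
    }
    # 3. Last resort: version resource of the server binary (file name is an assumption).
    $exe = Get-ChildItem -Path "$env:ProgramFiles", "${env:ProgramFiles(x86)}" -Recurse `
        -Filter 'ftpshell*.exe' -ErrorAction SilentlyContinue | Select-Object -First 1
    if ($exe) {
        return [pscustomobject]@{ Source = $exe.FullName; Version = $exe.VersionInfo.ProductVersion }
    }
    return $null
}

function Test-FtpShellVulnerable {
    param([string]$Version)
    # Prefix match so '6.83.0.0'-style version resources still count as 6.83.
    return [bool]($Version -and $Version.Trim().StartsWith($VulnerableVersion))
}

$found = Get-FtpShellVersion
if (-not $found) {
    Write-Output 'FTPShell Server not found in the registry or under Program Files.'
} elseif (Test-FtpShellVulnerable $found.Version) {
    Write-Output "VULNERABLE: FTPShell Server $($found.Version) found via $($found.Source)"
} else {
    Write-Output "FTPShell Server $($found.Version) found via $($found.Source); not the 6.83 build named in CVE-2020-18077"
}
```

A version other than 6.83 only means the installed build is not the one the CVE names; with no vendor advisory, it is not evidence that the build was fixed, so keep the network restrictions in place regardless.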

📡 Detection & Monitoring

Log Indicators:

  • Service Control Manager Event ID 7034 in the System log ("The ... service terminated unexpectedly") for the FTPShell service
  • Application log Event ID 1000 (source "Application Error") naming the FTPShell Server executable, typically with exception code 0xc0000005 (access violation); Windows never logs the words "buffer overflow", so match on the faulting process rather than on that phrase
  • Application log Event ID 1001 (Windows Error Reporting) for the same process

Network Indicators:

  • Unusual FTP traffic patterns, in particular bursts of connections from one source that coincide with service crashes
  • Requests that exercise the Virtual Path Mapping component with unusually long path values, since that is the component the overflow sits in

SIEM Query:

source="WinEventLog:Application" EventCode=1000 Message="*FTPShell*"

The query is Splunk-style. A source="FTPShell" form would assume the server registers its own event source, which nothing on this page confirms; the Application Error record is written by Windows for any faulting process. Correlate hits with FTP connection logs from the same minute to identify the client that triggered the crash.
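The same detection run locally on the server, added here as an example and not taken from the page or the vendor. It pulls Application Error and Windows Error Reporting records plus Service Control Manager "terminated unexpectedly" events for the look-back window, extracts the exception code, and flags the count; the process-name pattern and the look-back window are assumptions.

```powershell
# Added example: find FTPShell Server crash records in the Windows event logs.
# Assumptions (not from the page): the 'ftpshell' process/service name pattern, 24 h window.
param(
    [string]$NamePattern = 'ftpshell',   # assumed: matches the server executable and service name
    [int]$Hours          = 24
)

function Get-FtpShellCrashEvents {
    param([string]$Pattern, [int]$LookbackHours)
    $since = (Get-Date).AddHours(-$LookbackHours)

    # Application log: 1000 = Application Error (faulting module, exception code),
    # 1001 = Windows Error Reporting bucket for the same fault.
    $appFilter = @{ LogName = 'Application'; Id = 1000, 1001; StartTime = $since }
    # System log: 7034 = Service Control Manager, service terminated unexpectedly.
    $scmFilter = @{ LogName = 'System'; ProviderName = 'Service Control Manager'; Id = 7034; StartTime = $since }

    $raw = @(Get-WinEvent -FilterHashtable $appFilter -ErrorAction SilentlyContinue) +
           @(Get-WinEvent -FilterHashtable $scmFilter -ErrorAction SilentlyContinue)

    $raw | Where-Object { $_.Message -match $Pattern } | ForEach-Object {
        # 0xc0000005 (access violation) is the usual signature of an overflow that
        # clobbered a pointer or return address and dereferenced garbage.
        $code = if ($_.Message -match 'Exception code:\s*(0x[0-9a-fA-F]+)') { $Matches[1] } else { 'n/a' }
        $proc = if ($_.Message -match 'Faulting application name:\s*([^,]+)') { $Matches[1].Trim() } else { 'n/a' }
        [pscustomobject]@{
            Time          = $_.TimeCreated
            Log           = $_.LogName
            EventId       = $_.Id
            Process       = $proc
            ExceptionCode = $code
            Summary       = ($_.Message -split '\r?\n')[0]
        }
    } | Sort-Object Time
}

$events = @(Get-FtpShellCrashEvents -Pattern $NamePattern -LookbackHours $Hours)
if ($events.Count -gt 0) {
    $events | Format-Table -AutoSize
    # Several crashes in a short window on an internet-facing server is the pattern to alert on;
    # a single crash is worth a look, a cluster is an attack.
    Write-Warning "$($events.Count) FTPShell crash-related event(s) in the last $Hours hour(s)"
} else {
    Write-Output "No FTPShell crash-related events in the last $Hours hour(s)."
}
```

Run it as an administrator so both logs are readable. Pair the crash timestamps with the FTP server's own connection log (or firewall logs for port 21) to attribute each crash to a source address, which is the input the network-segmentation workaround needs.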
