CVE-2020-28864

9.8 CRITICAL

📋 TL;DR

CVE-2020-28864 is a buffer overflow in the FTP client of WinSCP 5.17.8. A malicious (or compromised) FTP server can return an overly long filename to the client, crashing WinSCP (denial of service) or potentially achieving arbitrary code execution on the user's machine. Anyone running the vulnerable build against an FTP server they do not fully control is exposed.

💻 Affected Systems

Products:
  • WinSCP
Versions: 5.17.8 specifically
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only FTP protocol connections are affected; SFTP and SCP sessions do not use the vulnerable code path. Treat FTP over TLS (FTPS) as in scope as well, since WinSCP drives it with the same FTP client.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise of the client machine.

🟠

Likely Case

Denial of service causing WinSCP to crash, potentially disrupting file transfer operations.

🟢

If Mitigated

Limited impact if the vulnerable client only ever connects to trusted FTP servers and network segmentation keeps it away from anything else. Note that plaintext FTP gives an on-path attacker the same ability as the server to inject listing data, so "trusted server" only helps on a trusted network path.

🌐 Internet-Facing: HIGH - Attackers can set up malicious FTP servers to exploit clients connecting from the internet.
🏢 Internal Only: MEDIUM - Risk exists if internal users connect to compromised or malicious internal FTP servers.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires the victim to connect to an attacker-controlled or compromised FTP server. The attacker needs no credentials, because the malicious data comes from the server side of the session; the victim's own login to that server is irrelevant.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.17.9 and later

Vendor Advisory: https://winscp.net/forum/viewtopic.php?t=30085

Restart Required: No

Instructions:

1. Download the latest WinSCP from winscp.net
2. Close any running WinSCP instances and run the installer
3. Follow the installation prompts
4. Verify the installed version is 5.17.9 or higher

🔧 Temporary Workarounds

Use SFTP/SCP instead of FTP (windows)

Switch to secure protocols not affected by this vulnerability.

Restrict FTP connections (all)

Block or limit FTP connections to trusted servers only.

🧯 If You Can't Patch

  • Stop using the FTP protocol in WinSCP: convert stored FTP sites to SFTP or SCP where the server supports it, and do not create new FTP sessions on the vulnerable build
  • Implement network controls (egress firewall rules, proxy policy) so that outbound TCP/21 from affected clients reaches trusted servers only

🔍 How to Verify

Check if Vulnerable:

Check WinSCP version in Help > About. If version is exactly 5.17.8, system is vulnerable.

Check Version:

winscp.com /version

Verify Fix Applied:

Verify WinSCP version is 5.17.9 or higher in Help > About.
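An added example (not part of the advisory, and not WinSCP's own tooling) that does the same check without the GUI: it locates installed WinSCP.exe files and compares their embedded product version against the 5.17.8 / 5.17.9 boundary this page names. It assumes WinSCP's usual install locations and the standard Windows uninstall registry keys; portable copies unpacked elsewhere have to be added to $candidates by hand.

```powershell
# Added example (not from the advisory): find installed WinSCP copies and compare their
# version against the vulnerable (5.17.8) and fixed (5.17.9) builds named on this page.
# Assumptions: WinSCP's normal install locations and the Windows uninstall registry keys;
# portable copies unpacked elsewhere must be added to $candidates manually.
$vulnerable = [version]'5.17.8'
$fixed      = [version]'5.17.9'

$candidates = @(
    "$env:ProgramFiles\WinSCP\WinSCP.exe",
    "${env:ProgramFiles(x86)}\WinSCP\WinSCP.exe",
    "$env:LOCALAPPDATA\Programs\WinSCP\WinSCP.exe"
)

# Installs registered with Windows also record their InstallLocation (per-machine and per-user).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$candidates += Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'WinSCP*' -and $_.InstallLocation } |
    ForEach-Object { Join-Path $_.InstallLocation 'WinSCP.exe' }

$found = $false
foreach ($exe in ($candidates | Where-Object { $_ } | Sort-Object -Unique)) {
    if (-not (Test-Path -LiteralPath $exe)) { continue }
    $found = $true
    $raw = (Get-Item -LiteralPath $exe).VersionInfo.ProductVersion
    if (-not $raw) { "UNKNOWN     $exe  (no version resource; inspect manually)"; continue }
    # Keep only the leading dotted number so [version] parses it even if a suffix is present.
    $ver = [version]($raw -replace '[^\d.].*$', '')
    if ($ver -eq $vulnerable) {
        "VULNERABLE  $exe  $raw  (CVE-2020-28864; update to $fixed or later)"
    } elseif ($ver -lt $fixed) {
        "BELOW FIX   $exe  $raw  (not the affected build, but older than $fixed; update anyway)"
    } else {
        "OK          $exe  $raw"
    }
}
if (-not $found) { 'No WinSCP.exe found in the checked locations; check portable copies manually.' }
```

Run it in an elevated PowerShell if you want the HKLM uninstall keys read reliably on a locked-down host; the file-version comparison itself needs no privileges beyond read access to WinSCP.exe.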

📡 Detection & Monitoring

Log Indicators:

  • WinSCP crash logs
  • Unexpected FTP connection attempts from WinSCP

Network Indicators:

  • FTP connections to unknown servers
  • FTP directory listings or file transfers carrying abnormally long filenames (hundreds of characters or more)

SIEM Query:

source="WinSCP" AND (event_type="crash" OR (protocol="FTP" AND filename_length>255))
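The SIEM query above assumes your log pipeline already extracts a filename length field. An added example (not from the advisory, and not WinSCP's own code) that produces those indicators directly from a WinSCP session log: it flags a 5.17.8 client banner and any FTP directory-listing entry whose name exceeds a threshold. The sample lines are constructed to resemble WinSCP's session log layout ('.' informational, '>' sent, '<' received); the regexes and the 255-character threshold are assumptions to confirm against a real log (Options > Preferences > Logging) before deploying.

```powershell
# Added example (not from the advisory): scan a WinSCP session log for the two things worth
# alerting on here, a 5.17.8 client banner and FTP listing entries with abnormally long names.
# $sampleLog is CONSTRUCTED to resemble WinSCP's session log layout; the listing regex and
# $maxNameLength are assumptions, not values documented by WinSCP.
$maxNameLength = 255
$longName = 'A' * 1100   # stands in for a hostile server's overlong filename

$sampleLog = @(
    '. 2020-11-20 09:14:02.101 WinSCP Version 5.17.8 (Build 10803) (OS 10.0.19041 - Windows 10 Pro)',
    '. 2020-11-20 09:14:02.101 Host name: ftp.example.test (Port: 21)',
    '. 2020-11-20 09:14:02.102 Protocol: FTP',
    '> 2020-11-20 09:14:03.240 LIST -a',
    '< 2020-11-20 09:14:03.301 150 Here comes the directory listing.',
    '< 2020-11-20 09:14:03.302 -rw-r--r--   1 ftp      ftp          1024 Nov 20 09:00 report.txt',
    "< 2020-11-20 09:14:03.303 -rw-r--r--   1 ftp      ftp          4096 Nov 20 09:01 $longName",
    '< 2020-11-20 09:14:03.304 226 Directory send OK.'
)

function Find-WinScpFtpIndicators {
    param([string[]]$LogLines, [int]$MaxNameLength = 255)
    $findings = @()
    # Unix-style listing entry as received from the server:
    # mode, link count, owner, group, size, three date tokens, then the name (captured).
    $listingEntry = '^< \S+ \S+ [-dl][rwxsStT-]{9}\s+\d+\s+\S+\s+\S+\s+\d+\s+\S+\s+\S+\s+\S+\s+(.+)$'
    foreach ($line in $LogLines) {
        if ($line -match '^\. \S+ \S+ WinSCP Version (\d+\.\d+\.\d+)') {
            if ([version]$Matches[1] -eq [version]'5.17.8') {
                $findings += "client is the affected build: WinSCP $($Matches[1])"
            }
        } elseif ($line -match $listingEntry) {
            $name = $Matches[1]
            if ($name.Length -gt $MaxNameLength) {
                $findings += ('overlong FTP listing entry: {0} chars, starts "{1}..."' -f $name.Length, $name.Substring(0, 32))
            }
        }
    }
    return $findings
}

Find-WinScpFtpIndicators -LogLines $sampleLog -MaxNameLength $maxNameLength

# To scan real session logs instead of the constructed sample (path is an assumption):
# Get-ChildItem 'C:\Logs\WinSCP\*.log' | ForEach-Object { Find-WinScpFtpIndicators -LogLines (Get-Content $_) }
```

Session logging is off by default in WinSCP, so this only finds what you have already chosen to record; for fleet-wide coverage, ship the log files to the SIEM and run the same two checks there. A crash with no preceding overlong entry is still worth a look, since a hostile server may deliver the long name through a path this regex does not cover.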

🔗 References
