CVE-2020-36983

high

Description

Quick 'n Easy FTP Service 3.2 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code during service startup. Attackers can exploit the misconfigured service binary path to inject malicious executables with elevated LocalSystem privileges during system boot or service restart.

References

https://www.vulncheck.com/advisories/quick-n-easy-ftp-service-unquoted-service-path

https://www.pablosoftwaresolutions.com/html/quick__n_easy_ftp_service.html

https://www.pablosoftwaresolutions.com/download.php?id=10

https://www.exploit-db.com/exploits/48983

Details

Source: Mitre, NVD

Published: 2026-01-27

Updated: 2026-01-27

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

CVSS v4

Base Score: 8.5

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Severity: High

EPSS

EPSS: 0.00005