Cyber Posture

CVE-2020-37070

Critical · Public PoC

Published: 03 February 2026

Modified: 15 April 2026
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0026 49.5th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

CloudMe 1.11.2 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code through crafted network packets. Attackers can exploit the vulnerability by sending a specially crafted payload to the CloudMe service running on port 8888, enabling remote code execution.

Mitigating Controls (NIST 800-53 r5) [AI]

prevent

Directly remediates the buffer overflow vulnerability in CloudMe 1.11.2 by identifying, reporting, and applying patches or upgrades.

prevent

Prevents remote code execution by monitoring and controlling network communications to the vulnerable CloudMe service on TCP port 8888.

prevent

Mitigates exposure by configuring the system to provide only essential capabilities, such as disabling or restricting the unnecessary CloudMe service.

Security Summary [AI]

CVE-2020-37070 is a buffer overflow vulnerability (CWE-120) affecting CloudMe version 1.11.2. The vulnerability resides in the CloudMe service, which listens on TCP port 8888, and can be triggered by specially crafted network packets sent to this service, resulting in remote code execution.

The vulnerability has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating that it is remotely exploitable over the network with low attack complexity and requires neither privileges nor user interaction. Any unauthenticated remote attacker can send a malicious payload to the affected service on port 8888 to achieve arbitrary code execution on the target system.

Advisories and exploit details are documented in references including a VulnCheck advisory at https://www.vulncheck.com/advisories/cloudme-buffer-overflow-sehdepaslr and a public proof-of-concept exploit at https://www.exploit-db.com/exploits/48499. The vendor site is available at https://www.cloudme.com/en; no specific patch or mitigation details are provided in the CVE description.

Details

CWE(s)

MITRE ATT&CK Enterprise Techniques [AI]

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Buffer overflow in CloudMe service (TCP/8888) enables remote unauthenticated RCE, directly facilitating T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References