Cyber Resilience

CVE-2020-37031

HighPublic PoC

Published: 30 January 2026

Published
30 January 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 8.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0016 5.6th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2020-37031 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Ashkon (inferred from references). Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 5.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-11 (User-installed Software) and SI-10 (Information Input Validation).

Deeper analysis

Simple Startup Manager version 1.17 suffers from a local buffer overflow vulnerability, classified as CWE-787, which enables attackers to execute arbitrary code. The flaw occurs through the 'File' input parameter, where insufficient bounds checking allows memory overwriting. This issue carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity with low attack complexity, no required privileges, and significant impacts on confidentiality, integrity, and availability.

Local attackers can exploit this vulnerability by crafting a malicious payload of 268 bytes, which triggers the buffer overflow and enables arbitrary code execution. The exploit bypasses Data Execution Prevention (DEP) by overwriting specific memory addresses, as demonstrated by payloads that launch calc.exe, providing a clear path to full system compromise on affected systems.

Advisories and related resources, including those from VulnCheck and an Exploit-DB entry (exploit 48678), detail the vulnerability and proof-of-concept exploit. The official software page is available at ashkon.com/startup_manager.html. No patches or specific mitigation steps are outlined in the provided details, emphasizing the need for users to discontinue use of version 1.17 or apply any vendor updates if available.

Public availability of the exploit on Exploit-DB highlights active proof-of-concept code, underscoring the risk for systems running the vulnerable software.

EU & UK References

Vulnerability details

Simple Startup Manager 1.17 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory through the 'File' input parameter. Attackers can craft a malicious payload with 268 bytes to trigger code execution, bypassing DEP…

more

and overwriting memory addresses to launch calc.exe.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local buffer overflow (CWE-787) in a user-facing application directly enables arbitrary code execution with high impact and no privileges required, mapping to exploitation for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2016-20044Shared CWE-787
CVE-2026-23326Shared CWE-787
CVE-2024-43077Shared CWE-787
CVE-2024-53697Shared CWE-787
CVE-2025-20890Shared CWE-787
CVE-2026-23073Shared CWE-787
CVE-2025-20708Shared CWE-787
CVE-2025-1471Shared CWE-787
CVE-2024-35273Shared CWE-787
CVE-2022-49062Shared CWE-787

Affected Assets

Ashkon
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces validation and bounds checking on the 'File' input parameter to directly prevent the buffer overflow vulnerability (CWE-787).

prevent

Implements memory protection safeguards such as DEP, ASLR, and stack canaries to block arbitrary code execution from memory overwrites even if overflow occurs.

prevent

Restricts or prohibits installation and execution of unapproved user-installed software like vulnerable Simple Startup Manager 1.17.

References