Cyber Resilience

CVE-2020-37070

High · Public PoC

Published: 03 February 2026

Modified: 15 April 2026
KEV Added
Patch
CVSS Score v4: 8.6 (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0045 (36.0th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2020-37070 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in CloudMe (product inferred from references). Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 36.0th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SC-7 (Boundary Protection).

Deeper analysis

CVE-2020-37070 is a buffer overflow vulnerability (CWE-120) affecting CloudMe version 1.11.2. The vulnerability resides in the CloudMe service, which listens on TCP port 8888, and can be triggered by specially crafted network packets sent to this service, resulting in remote code execution.

The vulnerability has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating that it is exploitable remotely over the network with low complexity and requires neither privileges nor user interaction. Any unauthenticated remote attacker can send a malicious payload to the affected service on port 8888 to achieve arbitrary code execution on the target system.

Advisories and exploit details are documented in references including a VulnCheck advisory at https://www.vulncheck.com/advisories/cloudme-buffer-overflow-sehdepaslr and a public proof-of-concept exploit at https://www.exploit-db.com/exploits/48499. The vendor site is available at https://www.cloudme.com/en; no specific patch or mitigation details are provided in the CVE description.

EU & UK References

Vulnerability details

CloudMe 1.11.2 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code through crafted network packets. Attackers can exploit the vulnerability by sending a specially crafted payload to the CloudMe service running on port 8888, enabling remote code execution.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Buffer overflow in CloudMe service (TCP/8888) enables remote unauthenticated RCE, directly facilitating T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-70314 (shared CWE-120)
CVE-2026-38426 (shared CWE-120)
CVE-2025-29329 (shared CWE-120)
CVE-2025-25567 (shared CWE-120)
CVE-2025-60553 (shared CWE-120)
CVE-2025-26005 (shared CWE-120)
CVE-2024-57482 (shared CWE-120)
CVE-2026-27459 (shared CWE-120)
CVE-2025-27836 (shared CWE-120)
CVE-2025-29137 (shared CWE-120)

Affected Assets

CloudMe (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: Directly remediates the buffer overflow vulnerability in CloudMe 1.11.2 by identifying, reporting, and applying patches or upgrades.

Prevent: Prevents remote code execution by monitoring and controlling network communications to the vulnerable CloudMe service on TCP port 8888.

Prevent: Mitigates exposure by configuring the system to provide only essential capabilities, such as disabling or restricting the unnecessary CloudMe service.

References