Description
Filetto 1.0 FTP server contains a denial of service (DoS) vulnerability in the FEAT command processing. Sending an oversized command causes a buffer overflow and service crash.
Remediation
Update Filetto FTP Server to the latest available version. Monitor for exploitation attempts (unexpected service crashes, abnormally long FTP command lines) and review access logs.
---METADATA---
VENDOR: Filetto
PRODUCT: Filetto FTP Server
AFFECTED_VERSIONS: Version 1.0
---END_METADATA---
Executive Summary:
A buffer overflow in the Filetto FTP Server allows an unauthenticated remote attacker to crash the service with a single oversized command, leaving the FTP service unavailable until it is restarted.
Vulnerability Details
CVE-ID: CVE-2020-37067
Affected Software: Filetto FTP Server
Affected Versions: Version 1.0
Vulnerability: The flaw is in the handling of the FTP "FEAT" command. An unauthenticated attacker who can reach the control port can send a FEAT command followed by 11,008 bytes of repeated characters; the server copies the oversized line into a fixed-size buffer, overflowing it and terminating the FTP process. Note that FEAT takes no parameters at all under RFC 2389, so any FEAT line carrying an argument is malformed by definition.
Business Impact
Successful exploitation results in the immediate unavailability of the FTP service, disrupting file transfer operations and potentially impacting business workflows that rely on the server. While primarily a Denial of Service, the CVSS score of 9.8 suggests that the underlying memory corruption could potentially be leveraged for more advanced exploitation.
Remediation Plan
Immediate Action: Update Filetto FTP Server to a version that addresses this issue if the vendor publishes one; otherwise migrate to a maintained FTP solution such as FileZilla Server or, preferably, an SFTP-based alternative.
Proactive Monitoring: Configure automated alerts to notify administrators if the FTP service stops unexpectedly, and monitor network traffic for unusually long FTP command lines. Because the attack requires no credentials, a crash preceded by a long FEAT line from an unauthenticated session is a strong indicator.
Compensating Controls: Deploy an Intrusion Prevention System (IPS) with signatures that drop oversized or malformed FTP commands. For this bug, a FEAT verb followed by any argument is sufficient grounds to drop the connection, since FEAT is defined without parameters. Restrict reachability of the FTP control port to trusted networks while the vulnerable version remains in service.
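The handler pattern behind this class of crash, and the bounded parsing that prevents it, as an added example written for this page. It is hypothetical code and not Filetto's (whose source is not shown here); the 512-byte line limit, the reply-code names and the sample command lines are assumptions constructed for the example. The two predicates the safe handler applies (line longer than the limit, FEAT carrying an argument) are the same ones the monitoring and IPS controls above should match.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Longest command line the server accepts, CRLF included. The value is an assumption
   for this example; what matters is that it is enforced before any copy into fixed storage. */
#define MAX_CMD_LINE 512

/* Outcome of feat_handle_safe(), using FTP reply-code numbers (RFC 959 / RFC 2389). */
enum feat_result {
    FEAT_NOT_FEAT = 0,          /* some other verb; caller dispatches it elsewhere */
    FEAT_OK = 211,              /* well-formed FEAT; the feature list would be sent */
    FEAT_LINE_TOO_LONG = 500,   /* line exceeds MAX_CMD_LINE; rejected before parsing */
    FEAT_HAS_ARGUMENT = 501     /* FEAT takes no parameters (RFC 2389), yet one is present */
};

/* The crash pattern described in the advisory, reconstructed as a hypothetical handler:
   the whole command line is copied into a fixed buffer with no length check, so a line
   longer than the buffer (the reported 11,008-byte FEAT) overwrites adjacent stack memory.
   It is never called below; it is here only to show what the safe version prevents. */
void feat_handle_vulnerable(const char *line)
{
    char buf[MAX_CMD_LINE];
    strcpy(buf, line);          /* unbounded copy: overflows once strlen(line) >= MAX_CMD_LINE */
    if (strncmp(buf, "FEAT", 4) == 0)
        puts("211 End");
}

/* Length of s, never scanning past limit bytes (portable stand-in for strnlen). */
static size_t bounded_len(const char *s, size_t limit)
{
    size_t n = 0;
    while (n < limit && s[n] != '\0')
        n++;
    return n;
}

/* Hardened handling: bound the line first, then parse the verb case-insensitively
   and refuse any argument. */
enum feat_result feat_handle_safe(const char *line)
{
    size_t len = bounded_len(line, MAX_CMD_LINE);
    if (len >= MAX_CMD_LINE)
        return FEAT_LINE_TOO_LONG;   /* reject before any copy; nothing has been parsed */

    char buf[MAX_CMD_LINE];
    memcpy(buf, line, len);
    buf[len] = '\0';

    /* strip trailing CRLF */
    while (len > 0 && (buf[len - 1] == '\r' || buf[len - 1] == '\n'))
        buf[--len] = '\0';

    /* the verb must be exactly the four characters FEAT (FTP verbs are case-insensitive) */
    if (len < 4)
        return FEAT_NOT_FEAT;
    for (size_t i = 0; i < 4; i++)
        if (toupper((unsigned char)buf[i]) != "FEAT"[i])
            return FEAT_NOT_FEAT;
    if (buf[4] != '\0' && buf[4] != ' ')
        return FEAT_NOT_FEAT;        /* e.g. "FEATURE" is a different, unknown verb */

    /* anything other than whitespace after the verb is an argument FEAT does not take */
    for (size_t i = 4; i < len; i++)
        if (buf[i] != ' ' && buf[i] != '\t')
            return FEAT_HAS_ARGUMENT;

    return FEAT_OK;
}

/* Builds the advisory's trigger shape: "FEAT " followed by n repeated bytes and CRLF.
   Constructed test input, not a captured sample. Caller frees the result. */
char *build_oversized_feat(size_t n)
{
    char *p = malloc(5 + n + 3);
    if (!p)
        return NULL;
    memcpy(p, "FEAT ", 5);
    memset(p + 5, 'A', n);
    memcpy(p + 5 + n, "\r\n", 3);    /* copies the terminating NUL as well */
    return p;
}

int main(void)
{
    /* constructed sample command lines */
    const char *samples[] = { "FEAT\r\n", "feat  \r\n", "FEAT TVFS\r\n", "FEATURE\r\n", "USER anonymous\r\n" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("sample %zu -> %d\n", i, feat_handle_safe(samples[i]));

    char *big = build_oversized_feat(11008);   /* the length reported in the advisory */
    printf("FEAT + 11008 bytes -> %d\n", big ? feat_handle_safe(big) : -1);
    free(big);
    return 0;
}
```

The length check runs on the raw line before any copy, which is the property the vulnerable handler lacks; checking after `strcpy` would be too late. Rejecting FEAT with an argument is not strictly needed for safety once the length is bounded, but it removes the only input shape the attack uses and gives an IPS a precise, low-false-positive match.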
Exploitation Status
Public Exploit Available: No
Analyst Notes: As of Feb 3, 2026, there is no public information indicating active exploitation of this vulnerability. Because the trigger needs no credentials, a DoS of this kind can be used to disrupt file transfer operations at a chosen moment, and an unexplained crash of the service should be treated as a possible probe rather than a stability fault.
Analyst Recommendation
The Filetto FTP Server version 1.0 is highly susceptible to remote disruption. Given the age of the software and the criticality of the flaw, it is recommended to replace this software with a modern, secure alternative that supports encrypted transfers and has a proven track record of security patching.