CVE-2020-19596: 
CoreFTP Server vulnerability analysis and mitigation

Buffer overflow vulnerability in Core FTP Server v1.2 Build 583, which allows remote attackers to execute arbitrary code via a crafted username when SSH key authentication is enabled (0x90 Zone). The vulnerability was discovered on May 1, 2020, and was patched after responsible disclosure to the vendor.

The vulnerability exists in the username field processing during SSH key authentication. An attacker can trigger a buffer overflow by sending a specially crafted username of 198 bytes followed by an EIP overwrite. The exploit doesn't require authentication and works on systems without ASLR or DEP protections. The vulnerability was confirmed to work on Windows XP SP3 Build 2600, with the EIP being overwritten after 198 bytes. The identified bad characters for payload construction are \x00 \x01 \x02 \x0a \x0d \x40 (0x90 Zone). The CVSS v3.1 base score is 9.8 CRITICAL (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) (NVD).

Successful exploitation of this vulnerability allows attackers to execute arbitrary code with administrator privileges since the FTP server runs with administrative rights. Additionally, attackers can access configuration files containing encrypted credentials, potentially leading to persistent system access (0x90 Zone).

The vendor has released a patch to address this vulnerability. Users should upgrade to the patched version. As a workaround, if possible, administrators can disable SSH key authentication to prevent exploitation (0x90 Zone).