Vulnerabilities ›

CVE-2020-37177

High

CWE-121 — Weakness Type

                    Published: Feb 11, 2026                      ·  Modified: Feb 28, 2026                      ·  Source: NVD                

CVSS v3

7.5

🔗 NVD Official

📄 Description (English)

BOOTP Turbo 2.0 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Structured Exception Handler (SEH). Attackers can generate a malicious payload of 2196 bytes with specific byte patterns to trigger an application crash and corrupt the SEH chain.

🤖 AI Executive Summary

CVE-2020-37177 is a stack-based buffer overflow vulnerability in BOOTP Turbo 2.0 that allows remote attackers to crash the application and potentially execute arbitrary code by overwriting the Structured Exception Handler (SEH) chain with a specially crafted 2196-byte payload. While no public exploit is currently available, the vulnerability poses a denial of service risk to systems running vulnerable versions. Immediate patching is recommended for all affected deployments.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: Apr 30, 2026 12:38

🇸🇦 Saudi Arabia Impact Assessment

This vulnerability primarily affects organizations using BOOTP Turbo 2.0 for network boot and DHCP services. Saudi sectors at risk include: Government agencies (NCA, CITC) managing network infrastructure; Telecommunications providers (STC, Mobily, Zain) operating DHCP/boot servers; Banking sector (SAMA-regulated institutions) with legacy network infrastructure; Healthcare organizations (MOH) managing hospital networks; and Energy sector (ARAMCO, SEC) with industrial control systems. The DoS impact could disrupt critical network services and infrastructure availability.

🏢 Affected Saudi Sectors

Government Telecommunications Banking Healthcare Energy

🎯 MITRE ATT&CK Techniques

T1499 - Endpoint Denial of Service T1499.004 - Application Exhaustion Flood T1190 - Exploit Public-Facing Application T1055 - Process Injection

⚖️ Saudi Risk Score (AI)

7.2

/ 10.0

🔧 Remediation Steps (English)

Immediate Actions:

1. Identify all systems running BOOTP Turbo 2.0 and document their network locations and criticality

2. Implement network segmentation to restrict access to BOOTP/DHCP services from untrusted networks

3. Enable firewall rules to limit BOOTP traffic (UDP port 67/68) to authorized sources only



Patching Guidance:

1. Apply the latest security patch for BOOTP Turbo 2.0 from the vendor immediately

2. Test patches in a non-production environment before deployment

3. Schedule patching during maintenance windows with minimal service disruption

4. Verify patch installation by checking application version and running vendor validation tools



Compensating Controls (if patching delayed):

1. Implement rate limiting on BOOTP/DHCP requests to mitigate DoS attempts

2. Deploy network-based IDS/IPS rules to detect malicious BOOTP payloads

3. Monitor for application crashes and SEH chain corruption attempts

4. Maintain redundant DHCP/boot servers for failover capability



Detection Rules:

1. Monitor for BOOTP packets exceeding 2196 bytes with suspicious byte patterns

2. Alert on unexpected application crashes in BOOTP Turbo 2.0 processes

3. Track SEH chain modifications and exception handler overwrites

4. Log all BOOTP service restarts and anomalous terminations

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. تحديد جميع الأنظمة التي تعمل بـ BOOTP Turbo 2.0 وتوثيق مواقعها على الشبكة وأهميتها

2. تطبيق تقسيم الشبكة لتقييد الوصول إلى خدمات BOOTP/DHCP من الشبكات غير الموثوقة

3. تفعيل قواعد جدار الحماية لتحديد حركة BOOTP (منافذ UDP 67/68) من المصادر المصرح بها فقط

إرشادات التصحيح:

1. تطبيق أحدث تصحيح أمني لـ BOOTP Turbo 2.0 من المورد فوراً

2. اختبار التصحيحات في بيئة غير إنتاجية قبل النشر

3. جدولة التصحيحات خلال نوافذ الصيانة مع تقليل انقطاع الخدمة

4. التحقق من تثبيت التصحيح بفحص إصدار التطبيق وتشغيل أدوات التحقق من المورد

الضوابط البديلة (إذا تأخر التصحيح):

1. تطبيق تحديد معدل طلبات BOOTP/DHCP للتخفيف من محاولات رفض الخدمة

2. نشر قواعد IDS/IPS على مستوى الشبكة للكشف عن حمولات BOOTP الضارة

3. مراقبة أعطال التطبيقات وسلسلة SEH

4. الحفاظ على خوادم DHCP/boot احتياطية للفشل

قواعد الكشف:

1. مراقبة حزم BOOTP التي تتجاوز 2196 بايت برسائل مريبة

2. تنبيهات على أعطال التطبيقات غير المتوقعة في عمليات BOOTP Turbo 2.0

3. تتبع تعديلات سلسلة SEH وعمليات الكتابة فوق معالجات الاستثناءات

4. تسجيل جميع إعادة تشغيل خدمة BOOTP والإنهاءات الشاذة

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC 2024 A.12.6.1 - Management of technical vulnerabilities ECC 2024 A.14.2.1 - Secure development policy ECC 2024 A.12.2.1 - Monitoring and logging of access

🔵 SAMA CSF

SAMA CSF ID.RA-1 - Asset management and vulnerability identification SAMA CSF PR.IP-12 - Security patch management SAMA CSF DE.CM-1 - Detection and monitoring systems

🟡 ISO 27001:2022

ISO 27001:2022 A.12.3.1 - Segregation of networks ISO 27001:2022 A.14.2.1 - Secure development and change management ISO 27001:2022 A.12.6.1 - Management of technical vulnerabilities

🔗 References & Sources 3

🔗

https://www.exploit-db.com/exploits/47955

disclosure@vulncheck.com

🔗

https://www.vulncheck.com/advisories/bootp-turbo-denial-of-service-seh

disclosure@vulncheck.com

🔗

https://www.weird-solutions.com

disclosure@vulncheck.com

📊 CVSS Score

7.5

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityN — None / Network

IntegrityN — None / Network

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score7.5

CWECWE-121

EPSS0.04%

Exploit No

Patch ✓ Yes

Published 2026-02-11

Source Feed nvd

🇸🇦 Saudi Risk Score

7.2

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-121

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2020-37177

💬 Comments

Introduce Yourself

Sign In Required