CVE-2020-36162

moderate-risk
Published 2021-01-06

An issue was discovered in Veritas CloudPoint before 8.3.0.1+hotfix. The CloudPoint Windows Agent leverages OpenSSL. This OpenSSL library attempts to load the \usr\local\ssl\openssl.cnf configuration file, which does not exist. By default, on Windows systems users can create directories under <drive>:\. A low privileged user can create a <drive>:\usr\local\ssl\openssl.cnf configuration file to load a malicious OpenSSL engine, which may result in arbitrary code execution. This would give the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc.

Do I need to act?

-
0.05% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.3/10 Critical
LOCAL / LOW complexity

Affected Products (13)

Cloudpoint
Cloudpoint
Cloudpoint
Cloudpoint
Cloudpoint
Cloudpoint
Cloudpoint
Cloudpoint
Cloudpoint
Cloudpoint
Cloudpoint
Netbackup Cloudpoint
Netbackup Cloudpoint

Affected Vendors

Veritas

References (2)

Vendor Advisory https://www.veritas.com/content/support/en_US/security/VTS20-011
Vendor Advisory https://www.veritas.com/content/support/en_US/security/VTS20-011
45
/ 100
moderate-risk
Severity 28/34 · Critical
Exploitability 0/34 · Minimal
Exposure 17/34 · Moderate