Published: 06/01/2021 Updated: 11/01/2021

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 8.8 | Impact Score: 6 | Exploitability Score: 2

VMScore: 641

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

An issue exists in Veritas CloudPoint prior to 8.3.0.1+hotfix. The CloudPoint Windows Agent leverages OpenSSL. This OpenSSL library attempts to load the \usr\local\ssl\openssl.cnf configuration file, which does not exist. By default, on Windows systems users can create directories under <drive>:\. A low privileged user can create a <drive>:\usr\local\ssl\openssl.cnf configuration file to load a malicious OpenSSL engine, which may result in arbitrary code execution. This would give the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc.

Vulnerable Product	Search on Vulmon	Subscribe to Product
veritas cloudpoint 1.0
veritas cloudpoint 1.0.2
veritas cloudpoint 2.0
veritas cloudpoint 2.0.1
veritas cloudpoint 2.0.2
veritas cloudpoint 2.1
veritas cloudpoint 2.1.1
veritas cloudpoint 2.1.2
veritas cloudpoint 2.2
veritas cloudpoint 2.2.1
veritas cloudpoint 2.2.2
veritas netbackup_cloudpoint 8.3
veritas netbackup_cloudpoint 8.3.0.1

NVD-CWE-noinfo https://www.veritas.com/content/support/en_US/security/VTS20-011 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-36162

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect