CVE-2020-36161 — HIGH (8.8)

Vulnerability Description

An issue was discovered in Veritas APTARE 10.4 before 10.4P9 and 10.5 before 10.5P3. By default, on Windows systems, users can create directories under C:\. A low privileged user can create a directory at the configuration file locations. When the Windows system restarts, a malicious OpenSSL engine could exploit arbitrary code execution as SYSTEM. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Veritas	Aptare It Analytics	10.4.00
Microsoft	Windows	-

References

https://www.veritas.com/content/support/en_US/security/VTS20-009Vendor Advisory
https://www.veritas.com/content/support/en_US/security/VTS20-009Vendor Advisory

FAQ

What is CVE-2020-36161?

CVE-2020-36161 is a vulnerability with a CVSS score of 8.8 (HIGH). An issue was discovered in Veritas APTARE 10.4 before 10.4P9 and 10.5 before 10.5P3. By default, on Windows systems, users can create directories under C:\. A low privileged user can create a director...

How severe is CVE-2020-36161?

CVE-2020-36161 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-36161?

Check the references section above for vendor advisories and patch information. Affected products include: Veritas Aptare It Analytics, Microsoft Windows.