CVE-2020-10143
 
Public Exploits: 0
Exploited in Wild: -
Descriptions
Macrium Reflect includes an OpenSSL component that specifies an OPENSSLDIR variable as C:\openssl\. Macrium Reflect contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges.
SSVC
- Decision: -
Timeline
- 2020-03-05 CVE Reserved
- 2020-12-09 CVE Published
- 2024-08-04 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-284: Improper Access Control
- CWE-665: Improper Initialization
References (1)
URL | Tag | Source |
---|---|---|
https://www.kb.cert.org/vuls/id/760767 | Third Party Advisory |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Macrium | Reflect | < 7.3.5281 | - | Affected |