// For flags

CVE-2020-36166

 

Severity Score

8.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An issue was discovered in Veritas InfoScale 7.x through 7.4.2 on Windows, Storage Foundation through 6.1 on Windows, Storage Foundation HA through 6.1 on Windows, and InfoScale Operations Manager (aka VIOM) Windows Management Server 7.x through 7.4.2. On start-up, it loads the OpenSSL library from \usr\local\ssl. This library attempts to load the \usr\local\ssl\openssl.cnf configuration file, which may not exist. On Windows systems, this path could translate to <drive>:\usr\local\ssl\openssl.cnf, where <drive> could be the default Windows installation drive such as C:\ or the drive where a Veritas product is installed. By default, on Windows systems, users can create directories under any top-level directory. A low privileged user can create a <drive>:\usr\local\ssl\openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc.

Se detectó un problema en Veritas InfoScale versiones 7.x hasta 7.4.2 en Windows, Storage Foundation versiones hasta 6.1 en Windows, Storage Foundation HA versiones hasta 6.1 en Windows e InfoScale Operations Manager (también se conoce como VIOM) Windows Management Server versiones 7.x hasta 7.4.2 .&#xa0;Al iniciarse, carga la biblioteca OpenSSL desde \usr\local\ssl.&#xa0;Esta biblioteca intenta cargar el archivo de configuración \usr\local\ssl\openssl.cnf, que puede no estar presente.&#xa0;En los sistemas Windows, esta ruta podría traducirse a (drive):\usr\local\ssl\openssl.cnf, donde (drive) podría ser la unidad de instalación predeterminada de Windows, como C:\ o la unidad donde está instalado un producto de Veritas.&#xa0;Por defecto, en los sistemas Windows, los usuarios pueden crear directorios en cualquier directorio de nivel superior.&#xa0;Un usuario poco privilegiado puede crear un archivo de configuración (drive):\usr\local\ssl\openssl.cnf para cargar un motor OpenSSL malicioso, resultando en una ejecución de código arbitraria como SYSTEM cuando se inicia el servicio.&#xa0;Esto le otorga al atacante acceso de administrador al sistema, permitiendo al atacante (por defecto) acceder a todos los datos, acceder a todas las aplicaciones instaladas, etc

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-01-06 CVE Reserved
  • 2021-01-06 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
https://www.veritas.com/content/support/en_US/security/VTS20-014 2021-01-12
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Veritas
Search vendor "Veritas"
 Infoscale
Search vendor "Veritas" for product "Infoscale"
 >= 7.0.0 <= 7.4.2
Search vendor "Veritas" for product "Infoscale" and version " >= 7.0.0 <= 7.4.2"
-
Affected
in Microsoft
Search vendor "Microsoft"
 Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Veritas
Search vendor "Veritas"
 Infoscale Operations Manager
Search vendor "Veritas" for product "Infoscale Operations Manager"
 >= 7.0.0 <= 7.4.2
Search vendor "Veritas" for product "Infoscale Operations Manager" and version " >= 7.0.0 <= 7.4.2"
-
Affected
in Microsoft
Search vendor "Microsoft"
 Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Veritas
Search vendor "Veritas"
 Storage Foundation
Search vendor "Veritas" for product "Storage Foundation"
 <= 6.1
Search vendor "Veritas" for product "Storage Foundation" and version " <= 6.1"
-
Affected
in Microsoft
Search vendor "Microsoft"
 Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Veritas
Search vendor "Veritas"
 Storage Foundation And High Availability
Search vendor "Veritas" for product "Storage Foundation And High Availability"
 <= 6.1
Search vendor "Veritas" for product "Storage Foundation And High Availability" and version " <= 6.1"
-
Affected
in Microsoft
Search vendor "Microsoft"
 Windows
Search vendor "Microsoft" for product "Windows"
--
Safe