CVE-2020-36164

{"id": "CVE-2020-36164", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.0}, {"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.3, "attackVector": "LOCAL", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.5}]}, "published": "2021-01-06T01:15:12.967", "references": [{"url": "https://www.veritas.com/content/support/en_US/security/VTS20-013", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Veritas Enterprise Vault through 14.0. On start-up, it loads the OpenSSL library. The OpenSSL library then attempts to load the openssl.cnf configuration file (which does not exist) at the following locations in both the System drive (typically C:\\) and the product's installation drive (typically not C:\\): \\Isode\\etc\\ssl\\openssl.cnf (on SMTP Server) or \\user\\ssl\\openssl.cnf (on other affected components). By default, on Windows systems, users can create directories under C:\\. A low privileged user can create a openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. This vulnerability only affects a server with MTP Server, SMTP Archiving IMAP Server, IMAP Archiving, Vault Cloud Adapter, NetApp File server, or File System Archiving for NetApp as File Server."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Veritas Enterprise Vault versiones hasta 14.0. Al iniciarse, carga la biblioteca OpenSSL. Luego, la biblioteca OpenSSL intenta cargar el archivo de configuraci\u00f3n openssl.cnf (que no existe) en las siguientes ubicaciones tanto en la unidad del sistema (normalmente C:\\) como en la unidad de instalaci\u00f3n del producto (normalmente no C:\\): \\Isode\\etc\\ssl\\openssl.cnf (en el servidor SMTP) o \\user\\ssl\\openssl.cnf (en otros componentes afectados). Por defecto, en los sistemas Windows, los usuarios pueden crear directorios en C:\\. Un usuario poco privilegiado puede crear un archivo de configuraci\u00f3n openssl.cnf para cargar un motor OpenSSL malicioso, resultando en una ejecuci\u00f3n de c\u00f3digo arbitraria como SYSTEM cuando se inicia el servicio. Esto le otorga al atacante acceso de administrador al sistema, permitiendo al atacante (por defecto) acceder a todos los datos, acceder a todas las aplicaciones instaladas, etc. Esta vulnerabilidad solo afecta a un servidor con MTP Server, SMTP Archiving IMAP Server, IMAP Archiving, Vault Cloud Adapter , Servidor de archivos de NetApp o archivado del sistema de archivos para NetApp como servidor de archivos"}], "lastModified": "2021-01-11T21:09:35.587", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:veritas:enterprise_vault:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29FDF02A-95FC-4676-98DF-DCD24A66CD2C", "versionEndIncluding": "14.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}