CVE-2020-36168

{"id": "CVE-2020-36168", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.0}, {"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.3, "attackVector": "LOCAL", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.5}]}, "published": "2021-01-06T01:15:13.230", "references": [{"url": "https://www.veritas.com/content/support/en_US/security/VTS20-015", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Veritas Resiliency Platform 3.4 and 3.5. It leverages OpenSSL on Windows systems when using the Managed Host addon. On start-up, it loads the OpenSSL library. This library may attempt to load the openssl.cnf configuration file, which does not exist. By default, on Windows systems, users can create directories under C:\\. A low privileged user can create a C:\\usr\\local\\ssl\\openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Veritas Resiliency Platform versiones 3.4 y 3.5. Aprovecha OpenSSL en sistemas Windows cuando usa el addon Managed Host. Al iniciarse, carga la biblioteca OpenSSL. Esta biblioteca puede intentar cargar el archivo de configuraci\u00f3n openssl.cnf, que no estar presente. Por defecto, en los sistemas Windows, los usuarios pueden crear directorios en C:\\. Un usuario poco privilegiado puede crear un archivo de configuraci\u00f3n C:\\usr\\local\\ssl\\openssl.cnf para cargar un motor OpenSSL malicioso, resultando en una ejecuci\u00f3n de c\u00f3digo arbitraria como SYSTEM cuando se inicia el servicio. Esto le otorga al atacante acceso de administrador al sistema, permitiendo al atacante (por defecto) acceder a todos los datos, acceder a todas las aplicaciones instaladas, etc"}], "lastModified": "2021-01-11T19:53:56.873", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:veritas:resiliency_platform:3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F1740DF-9A34-4D97-8714-B10E73DCEB2B"}, {"criteria": "cpe:2.3:a:veritas:resiliency_platform:3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "935C6831-9E89-4247-A6CE-F1A470C36328"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}