Vulnerability Details : CVE-2020-36161
An issue was discovered in Veritas APTARE 10.4 before 10.4P9 and 10.5 before 10.5P3. By default, on Windows systems, users can create directories under C:\. A low privileged user can create a directory at the configuration file locations. When the Windows system restarts, a malicious OpenSSL engine could exploit arbitrary code execution as SYSTEM. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc.
Products affected by CVE-2020-36161
- cpe:2.3:a:veritas:aptare_it_analytics:10.4.00:-:*:*:*:*:*:*
- cpe:2.3:a:veritas:aptare_it_analytics:10.4.00:patch1:*:*:*:*:*:*
- cpe:2.3:a:veritas:aptare_it_analytics:10.4.00:patch2:*:*:*:*:*:*
- cpe:2.3:a:veritas:aptare_it_analytics:10.4.00:patch3:*:*:*:*:*:*
- cpe:2.3:a:veritas:aptare_it_analytics:10.4.00:patch4:*:*:*:*:*:*
- cpe:2.3:a:veritas:aptare_it_analytics:10.4.00:patch5:*:*:*:*:*:*
- cpe:2.3:a:veritas:aptare_it_analytics:10.4.00:patch6:*:*:*:*:*:*
- cpe:2.3:a:veritas:aptare_it_analytics:10.4.00:patch7:*:*:*:*:*:*
- cpe:2.3:a:veritas:aptare_it_analytics:10.4.00:patch8:*:*:*:*:*:*
- cpe:2.3:a:veritas:aptare_it_analytics:10.5.00:-:*:*:*:*:*:*
- cpe:2.3:a:veritas:aptare_it_analytics:10.5.00:patch1:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-36161
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 12 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-36161
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST | |
|
8.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
2.0
|
6.0
|
NIST |
References for CVE-2020-36161
-
https://www.veritas.com/content/support/en_US/security/VTS20-009
APTARE OpenSSL advisory | Veritas™Vendor Advisory
Jump to