Arbitrary Code Execution Vulnerability in Veritas APTARE for Windows
CVE-2020-36161

8.8HIGH

Key Information:

Vendor: Veritas
Status: Aptare It Analytics
Vendor: CVE Published:; 6 January 2021

Summary

A vulnerability in Veritas APTARE allows low-privileged users on Windows systems to create directories in critical configuration file locations. When the system is restarted, an attacker can exploit this access with a malicious OpenSSL engine, achieving arbitrary code execution with SYSTEM privileges. This escalation grants the attacker full administrator access, enabling them to manipulate installed applications and potentially access sensitive data across the system.

References

https://www.veritas.com/content/support/en_US/security/VT...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jan 6, 2021
Vulnerability Reserved
Jan 6, 2021