Arbitrary Code Execution Vulnerability in Veritas NetBackup and OpsCenter
CVE-2020-36169

9.3CRITICAL

Key Information:

Vendor
Veritas
Status
Netbackup
Opscenter
Vendor
CVE Published:
6 January 2021

Summary

A vulnerability exists in Veritas NetBackup and OpsCenter that may allow a low privileged user to execute arbitrary code. This occurs when the software attempts to load libraries from paths that may be created by users on Windows systems. If an attacker, with limited privileges, creates a malicious path that matches the expected library loading location, they can gain SYSTEM or Administrator-level access. This exposes the system to unauthorized access to data, applications, and system controls, affecting not just installations but the normal functioning of the software throughout its operational period.

References

https://www.veritas.com/content/support/en_US/security/VT...
x_refsource_MISC

CVSS V3.1

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2020-36169 : Arbitrary Code Execution Vulnerability in Veritas NetBackup and OpsCenter | SecurityVulnerability.io