Arbitrary Code Execution Vulnerability in Veritas NetBackup and OpsCenter
CVE-2020-36169

9.3CRITICAL

Key Information:

Vendor: Veritas
Status: Netbackup; Opscenter
Vendor: CVE Published:; 6 January 2021

What is CVE-2020-36169?

A vulnerability exists in Veritas NetBackup and OpsCenter that may allow a low privileged user to execute arbitrary code. This occurs when the software attempts to load libraries from paths that may be created by users on Windows systems. If an attacker, with limited privileges, creates a malicious path that matches the expected library loading location, they can gain SYSTEM or Administrator-level access. This exposes the system to unauthorized access to data, applications, and system controls, affecting not just installations but the normal functioning of the software throughout its operational period.

References

https://www.veritas.com/content/support/en_US/security/VT...

x_refsource_MISC

CVSS V3.1

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 6, 2021
Vulnerability Reserved
Jan 6, 2021