CVE-2020-36161
First published: Wed Jan 06 2021(Updated: )
An issue was discovered in Veritas APTARE 10.4 before 10.4P9 and 10.5 before 10.5P3. By default, on Windows systems, users can create directories under C:\. A low privileged user can create a directory at the configuration file locations. When the Windows system restarts, a malicious OpenSSL engine could exploit arbitrary code execution as SYSTEM. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Veritas Aptare It Analytics | =10.4.00 | |
| Veritas Aptare It Analytics | =10.4.00-patch1 | |
| Veritas Aptare It Analytics | =10.4.00-patch2 | |
| Veritas Aptare It Analytics | =10.4.00-patch3 | |
| Veritas Aptare It Analytics | =10.4.00-patch4 | |
| Veritas Aptare It Analytics | =10.4.00-patch5 | |
| Veritas Aptare It Analytics | =10.4.00-patch6 | |
| Veritas Aptare It Analytics | =10.4.00-patch7 | |
| Veritas Aptare It Analytics | =10.4.00-patch8 | |
| Veritas Aptare It Analytics | =10.5.00 | |
| Veritas Aptare It Analytics | =10.5.00-patch1 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID is CVE-2020-36161.
What is the severity of CVE-2020-36161?
The severity of CVE-2020-36161 is high, with a severity value of 8.8.
What is the affected software for CVE-2020-36161?
The affected software for CVE-2020-36161 is Veritas APTARE 10.4 before 10.4P9 and 10.5 before 10.5P3.
How can a low privileged user exploit CVE-2020-36161?
A low privileged user can exploit CVE-2020-36161 by creating a directory at the configuration file locations on Windows systems.
Is there a patch available for CVE-2020-36161?
Yes, patches are available for Veritas APTARE 10.4 and 10.5 to fix CVE-2020-36161. Users should update to the latest patch version.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/veritas
- canonical/veritas aptare it analytics
- version/veritas aptare it analytics/10.4.00
- version/veritas aptare it analytics/10.4.00-patch1
- version/veritas aptare it analytics/10.4.00-patch2
- version/veritas aptare it analytics/10.4.00-patch3
- version/veritas aptare it analytics/10.4.00-patch4
- version/veritas aptare it analytics/10.4.00-patch5
- version/veritas aptare it analytics/10.4.00-patch6
- version/veritas aptare it analytics/10.4.00-patch7
- version/veritas aptare it analytics/10.4.00-patch8
- version/veritas aptare it analytics/10.5.00
- version/veritas aptare it analytics/10.5.00-patch1
- vendor/microsoft
- canonical/microsoft windows