What is the severity of CVE-2020-36169?

The severity of CVE-2020-36169 is critical, with a severity value of 8.8.

Which software versions are affected by CVE-2020-36169?

Veritas NetBackup versions up to and including 8.3.0.1 and OpsCenter versions up to and including 8.3.0.1 are affected by CVE-2020-36169.

What is the vulnerability description of CVE-2020-36169?

CVE-2020-36169 is a vulnerability in Veritas NetBackup and OpsCenter where processes using OpenSSL attempt to load and execute libraries from non-existent paths on Windows systems.

Is Microsoft Windows vulnerable to CVE-2020-36169?

No, Microsoft Windows is not vulnerable to CVE-2020-36169.

How can I fix CVE-2020-36169?

To fix CVE-2020-36169, it is recommended to update Veritas NetBackup and OpsCenter to versions higher than 8.3.0.1. Please refer to the Veritas security advisory for further instructions.

Vulnerability/
CVE-2020-36169

critical

9.3

6/1/2021

4/8/2024

CVE-2020-36169

First published: Wed Jan 06 2021(Updated: )

An issue was discovered in Veritas NetBackup through 8.3.0.1 and OpsCenter through 8.3.0.1. Processes using OpenSSL attempt to load and execute libraries from paths that do not exist by default on the Windows operating system. By default, on Windows systems, users can create directories under the top level of any drive. If a low privileged user creates an affected path with a library that the Veritas product attempts to load, they can execute arbitrary code as SYSTEM or Administrator. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. This vulnerability affects master servers, media servers, clients, and OpsCenter servers on the Windows platform. The system is vulnerable during an install or upgrade and post-install during normal operations.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Veritas NetBackup	<=8.3.0.1
Veritas Opscenter	<=8.3.0.1
Microsoft Windows

Never miss a vulnerability like this again

Reference Links

https://www.veritas.com/content/support/en_US/security/VTS20-016#Issue1

Frequently Asked Questions

What is the severity of CVE-2020-36169?
The severity of CVE-2020-36169 is critical, with a severity value of 8.8.
Which software versions are affected by CVE-2020-36169?
Veritas NetBackup versions up to and including 8.3.0.1 and OpsCenter versions up to and including 8.3.0.1 are affected by CVE-2020-36169.
What is the vulnerability description of CVE-2020-36169?
CVE-2020-36169 is a vulnerability in Veritas NetBackup and OpsCenter where processes using OpenSSL attempt to load and execute libraries from non-existent paths on Windows systems.
Is Microsoft Windows vulnerable to CVE-2020-36169?
No, Microsoft Windows is not vulnerable to CVE-2020-36169.
How can I fix CVE-2020-36169?
To fix CVE-2020-36169, it is recommended to update Veritas NetBackup and OpsCenter to versions higher than 8.3.0.1. Please refer to the Veritas security advisory for further instructions.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/author
agent/references
agent/severity
agent/last-modified-date
agent/tags
agent/description
agent/first-publish-date
agent/event
vendor/veritas
canonical/veritas netbackup
version/veritas netbackup/8.3.0.1
canonical/veritas opscenter
version/veritas opscenter/8.3.0.1
vendor/microsoft
canonical/microsoft windows

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.