CVE-2020-36161 Explained : Impact and Mitigation
Discover the impact of CVE-2020-36161 in Veritas APTARE 10.4 and 10.5. Learn about the vulnerability allowing arbitrary code execution as SYSTEM on Windows systems and how to mitigate it.
An issue was discovered in Veritas APTARE 10.4 before 10.4P9 and 10.5 before 10.5P3, allowing a low privileged user on Windows systems to exploit arbitrary code execution as SYSTEM, potentially gaining administrator access.
Understanding CVE-2020-36161
This CVE identifies a vulnerability in Veritas APTARE versions 10.4 and 10.5 on Windows systems.
What is CVE-2020-36161?
The vulnerability allows a low privileged user to create directories at critical locations, enabling malicious OpenSSL engine exploitation upon system restart.
The Impact of CVE-2020-36161
The exploit could lead to arbitrary code execution as SYSTEM, granting the attacker administrator privileges and access to sensitive data and applications.
Technical Details of CVE-2020-36161
The technical aspects of this CVE are as follows:
Vulnerability Description
The issue in Veritas APTARE versions 10.4 and 10.5 allows unauthorized directory creation, leading to potential code execution as SYSTEM.
Affected Systems and Versions
- Veritas APTARE 10.4 before 10.4P9
- Veritas APTARE 10.5 before 10.5P3
Exploitation Mechanism
- Low privileged user creates directories at critical locations
- Malicious OpenSSL engine exploit upon system restart
Mitigation and Prevention
To address CVE-2020-36161, consider the following steps:
Immediate Steps to Take
- Apply vendor-supplied patches promptly
- Restrict user permissions to critical system directories
- Monitor system for unauthorized directory creation
Long-Term Security Practices
- Regularly update and patch software and systems
- Implement least privilege access controls
- Conduct security awareness training for users
Patching and Updates
- Update Veritas APTARE to versions 10.4P9 or 10.5P3 to mitigate the vulnerability