CVE-2020-36163 : Security Advisory and Response

An issue was discovered in Veritas NetBackup and OpsCenter through 8.3.0.1 where NetBackup processes using Strawberry Perl attempt to load and execute libraries from paths that do not exist by default on the Windows operating system, potentially allowing arbitrary code execution as SYSTEM or Administrator.

Understanding CVE-2020-36163

This CVE highlights a critical vulnerability in Veritas NetBackup and OpsCenter on Windows systems, enabling attackers to gain administrator access.

What is CVE-2020-36163?

The vulnerability allows low privileged users to create directories with malicious libraries, leading to arbitrary code execution as SYSTEM or Administrator.
Affected systems include NetBackup master servers, media servers, clients, and OpsCenter servers on Windows platforms.

The Impact of CVE-2020-36163

CVSS Score: 9.3 (Critical)
Attack Vector: Local
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High
Scope: Changed
No privileges required for exploitation

Technical Details of CVE-2020-36163

This section provides detailed technical insights into the vulnerability.

Vulnerability Description

NetBackup processes using Strawberry Perl attempt to load and execute libraries from non-existent paths on Windows systems.

Affected Systems and Versions

Veritas NetBackup and OpsCenter through version 8.3.0.1 on Windows platforms.

Exploitation Mechanism

Attackers can create directories with malicious libraries under C:, triggering the execution of arbitrary code as SYSTEM or Administrator.

Mitigation and Prevention

Protect your systems from CVE-2020-36163 with the following steps:

Immediate Steps to Take

Disable unnecessary services and restrict user permissions.
Monitor system logs for suspicious activities.

Long-Term Security Practices

Regularly update and patch Veritas NetBackup and OpsCenter.
Implement least privilege access controls.

Patching and Updates

Apply the latest security patches from Veritas to address this vulnerability.