CVE-2020-36164 : Exploit Details and Defense Strategies

Veritas Enterprise Vault through version 14.0 contains a critical vulnerability that allows arbitrary code execution. This page describes the issue and how to mitigate it and prevent system compromise.

An issue was discovered in Veritas Enterprise Vault through 14.0 that could allow a low privileged user to execute arbitrary code as SYSTEM, leading to potential administrator access on the system.

Understanding CVE-2020-36164

This CVE involves a vulnerability in Veritas Enterprise Vault that could result in arbitrary code execution.

What is CVE-2020-36164?

The vulnerability allows a low privileged user to create a malicious OpenSSL engine configuration file, leading to arbitrary code execution as SYSTEM during service startup.

The Impact of CVE-2020-36164

        CVSS Base Score: 9.3 (Critical)
        Attack Vector: Local
        Confidentiality Impact: High
        Integrity Impact: High
        Availability Impact: High
        Privileges Required: None
        Scope: Changed
        User Interaction: None

Technical Details of CVE-2020-36164

This section provides more technical insights into the vulnerability.

Vulnerability Description

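At service startup, the OpenSSL library in Veritas Enterprise Vault attempts to load an openssl.cnf configuration file that does not exist. A low privileged user who is able to create that file controls the OpenSSL configuration, including engine settings, that the SYSTEM-level service then reads.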

Affected Systems and Versions

        Veritas Enterprise Vault through version 14.0
        Servers with MTP Server, SMTP Archiving IMAP Server, IMAP Archiving, Vault Cloud Adapter, NetApp File server, or File System Archiving for NetApp as File Server

Exploitation Mechanism

A low privileged user can create a malicious openssl.cnf configuration file in specific directories, triggering arbitrary code execution as SYSTEM.

Mitigation and Prevention

Protect your systems from this vulnerability with the following steps:

Immediate Steps to Take

        Disable unnecessary services and protocols
        Implement the principle of least privilege
        Monitor system logs for suspicious activities
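
One way to apply the least-privilege step to this specific issue, as an added example (not Veritas or Cloud Defense code): a PowerShell function that finds the nearest existing ancestor of an expected openssl.cnf path and lists the non-administrative principals allowed to create or modify content there. The function name `Test-OpenSslConfExposure` and its `-ConfPath` parameter are hypothetical, and the path itself must come from the vendor advisory because this page does not state it.

```powershell
# Added example. Usage (placeholder path, take the real one from the advisory):
#   Test-OpenSslConfExposure -ConfPath '<openssl.cnf path from the Veritas advisory>'
# Any row returned is a non-administrative principal that can write at that location.
function Test-OpenSslConfExposure {
    param([Parameter(Mandatory)][string]$ConfPath)

    # If the file or its directory does not exist yet, the ACL that matters is
    # the one on the nearest existing ancestor: anyone who can create entries
    # there can build the missing path and place the file.
    $probe = $ConfPath
    while ($probe -and -not (Test-Path -LiteralPath $probe)) {
        $probe = [System.IO.Path]::GetDirectoryName($probe)   # $null at the drive root
    }
    if (-not $probe) { throw "No existing ancestor found for '$ConfPath'" }

    # Rights that allow creating or replacing content, or re-ACLing the object:
    # WriteData/CreateFiles (0x2), AppendData/CreateDirectories (0x4),
    # ChangePermissions (0x40000), TakeOwnership (0x80000),
    # GENERIC_ALL (0x10000000), GENERIC_WRITE (0x40000000).
    $mask = 0x2 -bor 0x4 -bor 0x40000 -bor 0x80000 -bor 0x10000000 -bor 0x40000000

    # Principals expected to hold write access: SYSTEM, Administrators, TrustedInstaller.
    $trusted = @(
        'S-1-5-18', 'S-1-5-32-544',
        'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
    )

    $sidType = [System.Security.Principal.SecurityIdentifier]
    $rules = (Get-Acl -LiteralPath $probe).GetAccessRules($true, $true, $sidType)
    foreach ($ace in $rules) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Inherit-only entries (PropagationFlags bit 2) apply to children, not to $probe.
        if (([int]$ace.PropagationFlags -band 2) -ne 0) { continue }
        if (([int]$ace.FileSystemRights -band $mask) -eq 0) { continue }
        $sid = $ace.IdentityReference.Value
        if ($trusted -contains $sid) { continue }

        # Resolve the SID to a readable name; fall back to the SID if it cannot be resolved.
        $name = try {
            $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value
        } catch { $sid }
        [pscustomobject]@{
            ExistingPath = $probe
            Principal    = $name
            Rights       = $ace.FileSystemRights
        }
    }
}
```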

Long-Term Security Practices

        Regularly update and patch software
        Conduct security training for users and administrators

Patching and Updates

        Apply the latest updates and patches from Veritas to address this vulnerability
