PT-2021-11941 · Openssl+2

Published: 2021-01-06 · Updated: 2021-01-12 · CVE-2020-36161

CVSS v3.1: 8.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Veritas APTARE versions 10.4 through 10.4P8; Veritas APTARE versions 10.5 through 10.5P2
Description: An issue was discovered in Veritas APTARE where a low-privileged user can create a directory at the configuration file locations under C:\. When the Windows system restarts, a malicious OpenSSL engine could then execute arbitrary code as SYSTEM, giving the attacker administrator access on the system. This allows the attacker to access all data and all installed applications.
Recommendations: For Veritas APTARE versions 10.4 through 10.4P8, update to version 10.4P9 or later. For Veritas APTARE versions 10.5 through 10.5P2, update to version 10.5P3 or later.

Fix

Related Identifiers

CVE-2020-36161

Affected Products

Openssl
Veritas Aptare
Windows