PT-2021-11948 · Veritas · Veritas Resiliency Platform
Published: 2021-01-06 · Updated: 2021-01-11 · CVE-2020-36168
CVSS v3.1: 9.3 (Critical)
Vector: AC:L/AV:L/A:H/C:H/I:H/PR:N/S:C/UI:N
Name of the Vulnerable Software and Affected Versions: Veritas Resiliency Platform versions 3.4 through 3.5
Description: An issue in the Veritas Resiliency Platform, which uses OpenSSL on Windows systems with the Managed Host addon, allows arbitrary code execution as SYSTEM when the service starts. This occurs because the OpenSSL library attempts to load the openssl.cnf configuration file from a location that does not exist by default. A low-privileged user can create a malicious openssl.cnf configuration file there to load a malicious OpenSSL engine. This gives the attacker administrator access on the system, allowing access to all data and installed applications.
Recommendations: For Veritas Resiliency Platform versions 3.4 and 3.5, consider restricting access to the C:\usr\local\ssl directory to prevent low-privileged users from creating a malicious openssl.cnf configuration file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
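An added PowerShell example (not from the advisory or from Veritas) that audits the directory named above for write access by low-privileged principals and, with -Harden, pre-creates it with a restrictive ACL; the list of low-privilege principals and the choice to leave Users read-only are assumptions:

```powershell
# Added example: audit/harden the OpenSSL config directory from the advisory.
# Run as Administrator. Path is the one the advisory names; principals are assumed.
param(
    [string]$Path = 'C:\usr\local\ssl',
    [switch]$Harden
)

# Rights that allow creating or replacing openssl.cnf inside the directory.
$writeMask = [System.Security.AccessControl.FileSystemRights]::Write -bor
             [System.Security.AccessControl.FileSystemRights]::Modify -bor
             [System.Security.AccessControl.FileSystemRights]::FullControl
# GENERIC_WRITE | GENERIC_ALL, which some ACEs use instead of specific rights.
$genericWrite = 0x50000000

# Low-privilege principals that must not be able to write here (assumed list).
$lowPriv = @('BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'Everyone')

if (-not (Test-Path -LiteralPath $Path)) {
    Write-Output "$Path does not exist: whoever creates it controls openssl.cnf"
    if ($Harden) { New-Item -ItemType Directory -Path $Path | Out-Null } else { return }
}

$acl = Get-Acl -LiteralPath $Path
$risky = $acl.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    ($lowPriv -contains $_.IdentityReference.Value) -and
    ((($_.FileSystemRights -band $writeMask) -ne 0) -or
     (([int]$_.FileSystemRights -band $genericWrite) -ne 0))
}
if ($risky) {
    $risky | ForEach-Object { Write-Output "RISKY: $($_.IdentityReference) has $($_.FileSystemRights)" }
} else {
    Write-Output "OK: no low-privilege principal can write to $Path"
}

if ($Harden) {
    # Stop inheriting from C:\ (which often grants Users create rights) and set an
    # explicit ACL: SYSTEM and Administrators full control, Users read-only.
    $acl.SetAccessRuleProtection($true, $false)
    foreach ($rule in @($acl.Access | Where-Object { -not $_.IsInherited })) {
        $acl.RemoveAccessRule($rule) | Out-Null
    }
    $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    foreach ($entry in @(@('NT AUTHORITY\SYSTEM', 'FullControl'),
                         @('BUILTIN\Administrators', 'FullControl'),
                         @('BUILTIN\Users', 'ReadAndExecute'))) {
        $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
            $entry[0], $entry[1], $inherit, 'None', 'Allow')))
    }
    Set-Acl -LiteralPath $Path -AclObject $acl
    Write-Output "Hardened ACL applied to $Path"
}
```

Run the audit first on a representative host; the hardening branch is only a stop-gap for the affected versions until a vendor fix is available.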

Related Identifiers

CVE-2020-36168

Affected Products

Veritas Resiliency Platform