PT-2021-11949 · Microsoft+1 · Windows+2

Published: 2021-01-06 · Updated: 2021-01-11 · CVE-2020-36169

CVSS v3.1: 9.3 (Critical)

Vector: AC:L/AV:L/A:H/C:H/I:H/PR:N/S:C/UI:N
Name of the Vulnerable Software and Affected Versions: Veritas NetBackup versions through 8.3.0.1; Veritas OpsCenter versions through 8.3.0.1
Description: An issue was discovered where processes using OpenSSL attempt to load and execute libraries from paths that do not exist by default on the Windows operating system. A low-privileged user can create an affected path with a library that the Veritas product attempts to load, allowing them to execute arbitrary code as SYSTEM or Administrator. This gives the attacker administrator access on the system, enabling them to access all data and installed applications. The vulnerability affects master servers, media servers, clients, and OpsCenter servers on the Windows platform, both during installation or upgrade and post-install during normal operations.
Recommendations: For Veritas NetBackup and Veritas OpsCenter versions through 8.3.0.1, consider restricting access to the affected paths to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2020-36169

Affected Products

Veritas NetBackup
Veritas OpsCenter
Windows