Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Veritas System Recovery before 21.2. On start-up, it loads the OpenSSL library from \usr\local\ssl. This library attempts to load the \usr\local\ssl\openssl.cnf configuration file, which does not exist. By default, on Windows systems, users can create directories under C:\. A low-privileged user can create a C:\usr\local\ssl\openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data and installed applications, etc. If the system is also an Active Directory domain controller, then this can affect the entire domain.
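A defender-side audit for the condition described above, as an added example that is not part of the original record or of any Veritas tooling. It walks each component of C:\usr\local\ssl\openssl.cnf and reports which ones exist and which non-administrative principals hold write-type rights on them; the drive letter follows the description, while the trusted-SID list and the write-rights mask are assumptions of this example.

```powershell
# Added example (not vendor code): audit the OpenSSL config path named in the description.
$target  = 'C:\usr\local\ssl\openssl.cnf'
# Assumption: only these well-known SIDs are expected to hold write access.
$trusted = @('S-1-5-18',       # NT AUTHORITY\SYSTEM
             'S-1-5-32-544',   # BUILTIN\Administrators
             'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464') # TrustedInstaller
$R = [System.Security.AccessControl.FileSystemRights]
# Specific write-type rights plus GENERIC_WRITE / GENERIC_ALL, which Get-Acl shows as raw numbers.
$writeMask = [int]($R::WriteData -bor $R::AppendData -bor $R::Delete -bor
                   $R::ChangePermissions -bor $R::TakeOwnership) -bor 0x40000000 -bor 0x10000000

# Build the chain C:\ -> C:\usr -> ... -> openssl.cnf
$paths = @()
$p = $target
while ($p) { $paths += $p; $p = Split-Path $p -Parent }
[array]::Reverse($paths)

$sidType = [System.Security.Principal.SecurityIdentifier]
$findings = foreach ($p in $paths) {
    if (-not (Test-Path -LiteralPath $p)) {
        # A missing component can be created by anyone who can write to its parent.
        [pscustomobject]@{ Path = $p; Exists = $false; Identity = ''; Rights = ''; Inherited = '' }
        continue
    }
    foreach ($ace in (Get-Acl -LiteralPath $p).GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($trusted -contains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }
        # Resolve the SID to a name where possible; keep the SID otherwise.
        $name = try { $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
                catch { $ace.IdentityReference.Value }
        [pscustomobject]@{ Path = $p; Exists = $true; Identity = $name
                           Rights = $ace.FileSystemRights; Inherited = $ace.IsInherited }
    }
}
$findings | Format-Table -AutoSize

# The description says this file does not exist on a clean install, so its presence needs review.
if (Test-Path -LiteralPath $target -PathType Leaf) {
    Write-Warning "$target exists; review its contents and origin."
    Get-Item -LiteralPath $target | Select-Object FullName, CreationTimeUtc, LastWriteTimeUtc
    (Get-Acl -LiteralPath $target).Owner
    Get-FileHash -LiteralPath $target -Algorithm SHA256
}
```

Rows with `Exists = False` below a component that lists a non-administrative identity mean the path can still be created by that identity.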
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
N/A
Vulnerability Title
Veritas System Recovery Security Vulnerability
Vulnerability Description
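Veritas System Recovery is system recovery software from Veritas, a US company. It allows a damaged Windows system to be restored without reinstalling the operating system. Veritas System Recovery before 21.2 contains a security vulnerability that an attacker can exploit to execute arbitrary code when the service starts.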
CVSS Information
N/A
Vulnerability Type
N/A