Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Veritas CloudPoint before 8.3.0.1+hotfix. The CloudPoint Windows Agent leverages OpenSSL. This OpenSSL library attempts to load the \usr\local\ssl\openssl.cnf configuration file, which does not exist. By default, on Windows systems users can create directories under <drive>:\. A low privileged user can create a <drive>:\usr\local\ssl\openssl.cnf configuration file to load a malicious OpenSSL engine, which may result in arbitrary code execution. This would give the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
N/A
Vulnerability Title
Veritas CloudPoint 安全漏洞
Vulnerability Description
Veritas CloudPoint是美国Veritas公司的一个用于云环境中可提供快照功能的软件。该软件提供便于操作的服务管理面板,使用户运用云原生快照技术执行备份和恢复操作。 Veritas CloudPoint 版本 8.3.0.1+hotfix 之前的产品存在安全漏洞,攻击者可利用该漏洞以管理员方式执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A