Severity
High
Analysis Summary
CVE-2019-1552
Veritas Backup Exec includes an OpenSSL component that specifies an OPENSSLDIR variable as /usr/local/ssl/. On the Windows platform, this path is interpreted as C:\usr\local\ssl. Backup Exec contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges.
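As an added example that is not part of this advisory or of Veritas's own guidance, the following PowerShell audit checks whether the path described above exists on a host, whether low-privilege principals can create entries along it, and whether an openssl.cnf is already present. The mapping of the POSIX OPENSSLDIR onto the system drive and the set of principals treated as low-privilege are assumptions.

```powershell
# Added audit script (not from the advisory or Veritas). Assumes OPENSSLDIR is
# /usr/local/ssl/ as described and that OpenSSL maps "/" onto the system drive;
# the principal list is an assumption of what counts as low-privilege.
$LowPrivPrincipals = @('BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'Everyone')
$WriteRights = [System.Security.AccessControl.FileSystemRights]::Write -bor
               [System.Security.AccessControl.FileSystemRights]::CreateDirectories

function Test-OpenSslDirExposure {
    param([string]$OpenSslDir = '/usr/local/ssl/', [string]$Drive = $env:SystemDrive)
    # Build every path component from the drive root down to the OPENSSLDIR.
    $paths = @("$Drive\")
    foreach ($part in $OpenSslDir.Trim('/').Split('/')) {
        $paths += Join-Path $paths[-1] $part
    }
    $config   = Join-Path $paths[-1] 'openssl.cnf'
    $findings = @()
    # Walk the chain; the first missing component is the one a low-privilege
    # user could create if its existing parent grants them write access.
    foreach ($dir in $paths) {
        if (-not (Test-Path -LiteralPath $dir)) { break }
        foreach ($ace in (Get-Acl -LiteralPath $dir).Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($LowPrivPrincipals -notcontains $ace.IdentityReference.Value) { continue }
            if (($ace.FileSystemRights -band $WriteRights) -ne 0) {
                $findings += "$($ace.IdentityReference.Value) can create entries under $dir"
            }
        }
    }
    $configExists = Test-Path -LiteralPath $config
    [pscustomobject]@{
        ConfigPath      = $config
        ConfigExists    = $configExists
        ConfigOwner     = if ($configExists) { (Get-Acl -LiteralPath $config).Owner } else { $null }
        WritableParents = $findings
    }
}

Test-OpenSslDirExposure | Format-List
```

A pre-existing openssl.cnf on the path that is not owned by SYSTEM or Administrators, or a writable parent directory on a host running the privileged Backup Exec service, is the condition worth investigating and closing before the patch is applied.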
Impact
Privilege escalation
Affected Vendors
Veritas
Affected Products
- Veritas Backup Exec 20.x
- Veritas Backup Exec 21.x
- Veritas Backup Exec 16.x
Remediation
Update to the latest version.
Refer to the vendor advisory for the complete list of affected products and their respective patches.
https://www.veritas.com/content/support/en_US/security/VTS20-010