CVSS2 | 7.2 High
---|---
Attack Vector | LOCAL
Attack Complexity | LOW
Authentication | NONE
Confidentiality Impact | COMPLETE
Integrity Impact | COMPLETE
Availability Impact | COMPLETE
Vector string | AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3 | 7.8 High
---|---
Attack Vector | LOCAL
Attack Complexity | LOW
Privileges Required | LOW
User Interaction | NONE
Scope | UNCHANGED
Confidentiality Impact | HIGH
Integrity Impact | HIGH
Availability Impact | HIGH
Vector string | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS | 0.0004 Low
---|---
Percentile | 10.6%
Macrium Reflect contains a privilege escalation vulnerability due to the use of an OPENSSLDIR variable that specifies a location where an unprivileged Windows user can create files.
CVE-2020-10143
Macrium Reflect includes an OpenSSL component whose OPENSSLDIR variable is set to C:\openssl\. Macrium Reflect also contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories directly under the system root, such a user can create that path and place a specially-crafted openssl.cnf file in it, which the privileged service then loads, achieving arbitrary code execution with SYSTEM privileges.
By placing a specially-crafted openssl.cnf in the C:\openssl\ directory, an unprivileged user may be able to execute arbitrary code with SYSTEM privileges on a Windows system with the vulnerable Macrium software installed.
This vulnerability is addressed in Macrium Reflect v7.3.5281.
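The following PowerShell is an added illustration of the condition the note describes; it is not code from the CERT/CC note or from Macrium. It audits the OPENSSLDIR path quoted above (does the directory exist, can low-privilege users write into it, is an openssl.cnf already there and who owns it) and, for hosts not yet on the fixed release, pins the directory so that only SYSTEM and Administrators can create files beneath it. It assumes an elevated session on a Windows host with the default well-known identity names.

```powershell
# Added example, not Macrium's or CERT/CC's code. Assumes an elevated PowerShell
# session on Windows and default well-known identity names.
$OpenSslDir = 'C:\openssl'                         # OPENSSLDIR quoted in the advisory
$ConfigFile = Join-Path $OpenSslDir 'openssl.cnf'
$LowPrivIdentities = @('BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'Everyone')
$WriteRights = [System.Security.AccessControl.FileSystemRights]::Write

function Test-OpenSslDirExposure {
    # Reports whether the directory exists, whether low-privilege users can write
    # into it, and whether an openssl.cnf is already present (and who owns it).
    # A missing directory is still exposed: any user may create it, so only an
    # existing, locked-down directory counts as safe.
    $exists   = Test-Path -LiteralPath $OpenSslDir -PathType Container
    $writable = $false
    if ($exists) {
        foreach ($ace in (Get-Acl -LiteralPath $OpenSslDir).Access) {
            if ($ace.AccessControlType -eq 'Allow' -and
                $LowPrivIdentities -contains $ace.IdentityReference.Value -and
                ($ace.FileSystemRights -band $WriteRights) -ne 0) {
                $writable = $true
            }
        }
    }
    $cnf = Get-Item -LiteralPath $ConfigFile -ErrorAction SilentlyContinue
    [pscustomobject]@{
        DirectoryExists = $exists
        WritableByUsers = $writable
        ConfigPresent   = ($null -ne $cnf)
        ConfigOwner     = if ($cnf) { (Get-Acl -LiteralPath $ConfigFile).Owner } else { $null }
        ConfigLastWrite = if ($cnf) { $cnf.LastWriteTimeUtc } else { $null }
    }
}

function Protect-OpenSslDir {
    # Interim mitigation for hosts not yet on the fixed release: create the
    # directory if absent and grant only SYSTEM and Administrators access,
    # discarding the inherited C:\ rules that let users create subdirectories.
    if (-not (Test-Path -LiteralPath $OpenSslDir -PathType Container)) {
        New-Item -ItemType Directory -Path $OpenSslDir | Out-Null
    }
    $acl = Get-Acl -LiteralPath $OpenSslDir
    $acl.SetAccessRuleProtection($true, $false)
    foreach ($id in 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators') {
        $acl.AddAccessRule([System.Security.AccessControl.FileSystemAccessRule]::new(
            $id, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow'))
    }
    Set-Acl -LiteralPath $OpenSslDir -AclObject $acl
}

Test-OpenSslDirExposure | Format-List
```

Run Test-OpenSslDirExposure first: a pre-existing openssl.cnf owned by a non-administrator account is worth investigating before Protect-OpenSslDir locks the directory down, since pinning does not remove a file that is already there.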
This vulnerability was reported by Will Dormann of the CERT/CC.
This document was written by Will Dormann.
Vulnerability Note VU#760767
Notified: 2020-09-23 Updated: 2020-11-11
Statement Date: November 11, 2020
CVE | Status
---|---
CVE-2020-10143 | Affected
This vulnerability was introduced in the Macrium Reflect 7.2 series of releases; Reflect 6, 7.0 and 7.1 are not affected. All users of affected releases are entitled to a free upgrade to 7.3.5281 or later. We would like to thank Will Dormann (@wdormann) for his diligence in reporting this to us.
Field | Value
---|---
CVE IDs | CVE-2020-10143
Date Public | 2020-10-26
Date First Published |