Veritas System Recovery 18/21 Backup Configuration cleartext storage in the registry
CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
4.6 | $0-$5k | 0.00 |
A vulnerability classified as problematic was found in Veritas System Recovery 18/21. It affects unknown functionality of the component Backup Configuration Handler. Manipulation with an unknown input leads to cleartext storage in the registry. The CWE definition for the vulnerability is CWE-314: the application stores sensitive information in cleartext in the registry. The known impact is on confidentiality. The CVE summary reads:
Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the Windows registry during configuration of the backup configuration. This vulnerability could provide a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access.
The weakness was disclosed on 09/23/2022. The advisory is available at veritas.com. The vulnerability has been tracked as CVE-2022-41320 since 09/23/2022. Technical details are unknown and no exploit is available. The MITRE ATT&CK project assigns this vulnerability to technique T1555.
No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product.
Product
License: commercial
CVSSv3
VulDB Meta Base Score: 4.6
VulDB Meta Temp Score: 4.6
VulDB Base Score: 2.7
VulDB Temp Score: 2.7
NVD Base Score: 6.5
Exploiting
Class: Cleartext storage in the registry
CWE: CWE-314 / CWE-312 / CWE-310
ATT&CK: T1555
Local: No
Remote: Yes
Status: Not defined
Countermeasures
Recommended: no mitigation known
Timeline
09/23/2022 Advisory disclosed
09/23/2022 CVE reserved
09/23/2022 VulDB entry created
10/22/2022 VulDB last update
Sources
Advisory: veritas.com
Status: Confirmed
CVE: CVE-2022-41320
Entry
Created: 09/23/2022 03:00 PM
Updated: 10/22/2022 03:42 PM
Changes: 09/23/2022 03:00 PM (37), 10/22/2022 03:42 PM (11)