Endpoint VulnerabilityMacrium Reflect CVE-2020-10143 Arbitrary Code Execution Vulnerability
Description
Macrium Reflect's privileged service uses an OpenSSL component with OPENSSLDIR set to C:\\\\openssl\\\\; because users can create subdirectories under the system root, they can place a crafted openssl.cnf to achieve arbitrary code execution with SYSTEM privileges.
Affected Applications
Macrium Reflect
Version Updates
References
https://www.kb.cert.org/vuls/id/760767| ID | 2259 |
| Created | Jul 06, 2021 |
| Description Updated |
Jan 16, 2026 |
| CVE ID | |
| Risk |
|
| Coverage | FortiClient |
| OS | Windows |
| Vendor | Paramount Software |
| Patch | manual |
| Application | Macrium Reflect |