PT-2021-24149 · Microsoft+1 · .Net Remoting+1
Markus Wulftange
+1
·
Published
2021-12-06
·
Updated
2022-03-10
·
CVE-2021-44680
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Veritas Enterprise Vault versions through 14.1.2
Description:
The issue is related to the deserialization behavior inherent to the .NET Remoting service. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This can be mitigated by properly configuring the servers and firewall as described in the vendor's security alert.
Recommendations:
For versions through 14.1.2, properly configure the servers and firewall as described in the vendor's security alert to mitigate the issue.
As a temporary workaround, consider restricting access to the TCP remoting services and local IPC services on the Enterprise Vault Server until a patch is available.
Fix
Deserialization of Untrusted Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
.Net Remoting
Veritas Enterprise Vault