PT-2024-8778 · Veritas · Veritas Enterprise Vault

Published

1999-01-01

Updated

2024-12-11

CVE-2024-53915

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Veritas Enterprise Vault versions prior to 15.2

Description: The issue is related to the deserialization mechanism in the Veritas Enterprise Vault server, allowing remote attackers to execute arbitrary code by sending specially crafted data to the .NET Remoting TCP port. This can be achieved by deserializing untrusted data received on the TCP port, enabling remote code execution.

Recommendations: For versions prior to 15.2, update to version 15.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the .NET Remoting TCP port to minimize the risk of exploitation.

Fix

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-502

Related Identifiers

BDU:2024-10394

CVE-2024-53915

DOTNETREMOTINGCHECK

ZDI-24-1663

Affected Products

Veritas Enterprise Vault

PT-2024-8778 · Veritas · Veritas Enterprise Vault

CVE-2024-53915

Weakness Enumeration

Related Identifiers

Affected Products

References · 9