Advisory

Veritas warns of critical flaws in Enterprise Vault

Take action: You can't fix these flaws, because the patch is probably a year away. If you are running Veritas Enterprise Vault, take the reasonable isolation actions: restrict the server to trusted network access only, patch the server OS, and enable remote access only for trusted users on a need-to-access basis.


Learn More

Veritas is reporting multiple critical flaws in their Enterprise Vault product. The vulnerabilities stem from the Enterprise Vault application's handling of .NET Remoting services. When the application starts, it initiates services that listen on random .NET Remoting TCP ports for client application commands.

  • Seven distinct Remote Code Execution vulnerabilities (CVSS score: 9.8), all related to deserialization of untrusted data, tracked under the identifiers:
    • ZDI-CAN-24334,
    • ZDI-CAN-24336,
    • ZDI-CAN-24339,
    • ZDI-CAN-24341,
    • ZDI-CAN-24343,
    • ZDI-CAN-24344,
    • ZDI-CAN-24405.

CVE assignments are pending. These services are vulnerable to exploitation through both TCP remoting services and local IPC services on the Enterprise Vault Server.

Exploitation Prerequisites:

  • Attacker must have RDP access to a VM in the network (requires Remote Desktop Users group membership)
  • Knowledge of the Enterprise Vault server's IP address
  • Knowledge of random process IDs
  • Knowledge of dynamic TCP ports
  • Knowledge of remotable object URIs
  • Improperly configured firewall on the server

All currently supported versions are vulnerable, including:

  • Version 15.x: 15.1, 15.0, 15.0.1, 15.0.2
  • Version 14.x: All releases from 14.0 to 14.5.1

Older unsupported versions may also be affected.

Veritas recommends the following mitigation steps: restrict Enterprise Vault server access to EV Administrators only, limit Remote Desktop Users group membership to trusted users only, enable the Enterprise Vault server firewall, and ensure all Windows updates are installed on the Enterprise Vault server.
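The mitigation steps above can be audited on the server itself. The following PowerShell is an added example, not code from Veritas; it assumes the Enterprise Vault binaries run from a path containing "Enterprise Vault" (the `$EvPathPattern` variable is a hypothetical name and should be adjusted to the actual install location).

```powershell
# Added audit sketch; run in an elevated PowerShell session on the Enterprise Vault server.
# Assumption: EV binaries run from a path containing "Enterprise Vault"; adjust as needed.
$EvPathPattern = '*Enterprise Vault*'
$findings = [System.Collections.Generic.List[string]]::new()

# 1. Remote Desktop Users should contain only named, trusted accounts.
$rdpMembers = @(Get-LocalGroupMember -Group 'Remote Desktop Users' -ErrorAction SilentlyContinue)
foreach ($m in $rdpMembers) {
    $findings.Add("REVIEW  Remote Desktop Users member: $($m.Name) [$($m.ObjectClass)]")
}

# 2. Windows Firewall must be on for every profile and must not default to inbound allow.
foreach ($p in Get-NetFirewallProfile) {
    if ($p.Enabled -ne 'True') { $findings.Add("FAIL    Firewall profile '$($p.Name)' is disabled") }
    if ($p.DefaultInboundAction -eq 'Allow') { $findings.Add("FAIL    Firewall profile '$($p.Name)' allows inbound by default") }
}

# 3. TCP listeners owned by EV processes. The remoting ports are dynamic, so enumerate
#    them on every run and confirm none is reachable from untrusted networks.
$evProcs = @(Get-Process | Where-Object { $_.Path -like $EvPathPattern })
if ($evProcs.Count -eq 0) { $findings.Add("INFO    No process matched '$EvPathPattern'; check the pattern") }
$loopback = '127.0.0.1', '::1'
Get-NetTCPConnection -State Listen |
    Where-Object { $evProcs.Id -contains $_.OwningProcess -and $loopback -notcontains $_.LocalAddress } |
    ForEach-Object {
        $conn = $_
        $name = ($evProcs | Where-Object { $_.Id -eq $conn.OwningProcess }).ProcessName
        $findings.Add("REVIEW  $name (PID $($conn.OwningProcess)) listens on $($conn.LocalAddress):$($conn.LocalPort)")
    }

# 4. Patch recency: report the newest installed update so stale servers stand out.
$latest = Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn -Descending | Select-Object -First 1
if ($latest) { $findings.Add("INFO    Latest update $($latest.HotFixID) installed $($latest.InstalledOn.ToString('yyyy-MM-dd'))") }
else { $findings.Add("REVIEW  No dated hotfix records found") }

$findings
```

Each REVIEW line needs a human decision: group members should map to trusted users with a need for access, and each non-loopback listener should be covered by a firewall rule that limits it to trusted sources.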

A permanent fix is planned for Enterprise Vault 15.2, with release expected in Q3 2025.
