Saturday, December 7, 2024
HomeCyber Security NewsVeritas Enterprise Vault Vulnerabilities Lets Attackers Execute Arbitrary Code Remotely

Veritas Enterprise Vault Vulnerabilities Lets Attackers Execute Arbitrary Code Remotely

Published on

SIEM as a Service

Critical security vulnerability has been identified in Veritas Enterprise Vault, a widely-used archiving and content management solution.

The vulnerability, rated with a CVSS v3.1 Base Score of 9.8 (Critical), could allow attackers to execute arbitrary code on affected servers.

This exploit leverages vulnerabilities inherent to the .NET Remoting service used by Enterprise Vault.

- Advertisement - SIEM as a Service

The Nature of the Vulnerability

The issue stems from the .NET Remoting TCP ports that Enterprise Vault services utilize during start-up.

These ports, which are dynamically allocated, are susceptible to exploitation. A malicious attacker can exploit these TCP remoting services as well as the local Inter-Process Communication (IPC) services on the Enterprise Vault server by sending specially crafted data.

Fortunately, exploiting this vulnerability is not straightforward and requires several preconditions to be met, including:

  1. RDP Access: The attacker must have Remote Desktop Protocol (RDP) access to a virtual machine within the network. This requires the attacker to be part of the “Remote Desktop Users” group.
  2. Network Knowledge: The attacker must know the specific IP address of the Enterprise Vault server, the process IDs (which are randomly assigned), the dynamic TCP ports, and the remoteable object URIs.
  3. Improper Firewall Configuration: The firewall on the Enterprise Vault server must be misconfigured or disabled.

If these conditions are fulfilled, an attacker could execute remote code on the server, potentially compromising sensitive data and causing significant damage.

Leveraging 2024 MITRE ATT&CK Results for SME & MSP Cybersecurity Leaders – Attend Free Webinar

Affected Versions

This vulnerability impacts all currently supported versions of Enterprise Vault, including:

  • Versions 15.1, 15.0, 15.0.1, 15.0.2
  • Versions 14.5 through 14.0, as well as all interim updates (e.g., 14.5.1, 14.4.2, etc.)

Earlier unsupported versions may also be affected, heightening the urgency for organizations relying on legacy systems to review their security posture.

Mitigation and Recommendations

While Veritas has announced plans to remediate this vulnerability in Enterprise Vault version 15.2, expected to be generally available in the third quarter of 2025, immediate mitigation steps are advised to protect against potential exploits. Organizations should:

  1. Restrict Access: Limit access to the Enterprise Vault server to authorized Enterprise Vault administrators only, as outlined in the Enterprise Vault Administrator’s Guide.
  2. Screen RDP Users: Ensure that only trusted individuals are part of the “Remote Desktop Users” group and have RDP access to the server.
  3. Configure Firewalls: Enable and properly configure the Enterprise Vault server’s firewall settings according to the Administrator’s Guide.
  4. Apply Windows Updates: Regularly install the latest Windows security updates to minimize exposure to known vulnerabilities.

Veritas has acknowledged the vulnerability and credited Sina Kheirkhah, working with Trend Micro’s Zero Day Initiative (ZDI), for responsibly disclosing it.

The company encourages affected customers to reach out to Veritas Technical Support for any questions or assistance related to this issue.

Analyze cyber threats with ANYRUN's powerful sandbox. Black Friday Deals : Get up to 3 Free Licenses.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Deloitte Denies Breach, Claims Only Single System Affected

Ransomware group Brain Cipher claimed to have breached Deloitte UK and threatened to publish...

Top Five Industries Most Frequently Targeted by Phishing Attacks

Researchers analyzed phishing attacks from Q3 2023 to Q3 2024 and identified the top...

Russian BlueAlpha APT Exploits Cloudflare Tunnels to Distribute Custom Malware

BlueAlpha, a Russian state-sponsored group, is actively targeting Ukrainian individuals and organizations by using...

Russian Hackers Hijacked Pakistani Actor Servers For C2 Communication

Secret Blizzard, a Russian threat actor, has infiltrated 33 command-and-control (C2) servers belonging to...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Deloitte Denies Breach, Claims Only Single System Affected

Ransomware group Brain Cipher claimed to have breached Deloitte UK and threatened to publish...

Top Five Industries Most Frequently Targeted by Phishing Attacks

Researchers analyzed phishing attacks from Q3 2023 to Q3 2024 and identified the top...

Russian BlueAlpha APT Exploits Cloudflare Tunnels to Distribute Custom Malware

BlueAlpha, a Russian state-sponsored group, is actively targeting Ukrainian individuals and organizations by using...