CVE-2021-44678 : Security Advisory and Response
Learn about CVE-2021-44678, a critical vulnerability in Veritas Enterprise Vault allowing attackers to exploit TCP Remoting and local IPC services. Find mitigation steps and the affected versions here.
An issue (2 of 6) was discovered in Veritas Enterprise Vault through 14.1.2 regarding potential exploits on .NET Remoting TCP ports.
Understanding CVE-2021-44678
What is CVE-2021-44678?
CVE-2021-44678 is a vulnerability in Veritas Enterprise Vault that allows malicious attackers to exploit TCP Remoting and local IPC services due to deserialization behavior inherent to the .NET Remoting service.
The Impact of CVE-2021-44678
The vulnerability has a CVSS base score of 9.8, making it critical. It affects confidentiality, integrity, and availability with no privileges required and user interaction necessary.
Technical Details of CVE-2021-44678
Vulnerability Description
- The issue exists in Veritas Enterprise Vault through version 14.1.2, where the application starts services on random .NET Remoting TCP ports vulnerable to exploitation.
Affected Systems and Versions
- Product: Veritas Enterprise Vault
- Vendor: Veritas
- Versions affected: All versions through 14.1.2
Exploitation Mechanism
- Malicious actors can exploit the vulnerability by sending commands to the TCP services, potentially compromising the system.
Mitigation and Prevention
Immediate Steps to Take
- Configure servers and firewalls as per the vendor's security alert (VTS21-003, ZDI-CAN-14076).
Long-Term Security Practices
- Regularly update and patch Veritas Enterprise Vault.
- Monitor network traffic for any unusual activity.
- Employ network segmentation to limit the impact of potential attacks.