Entrust Instant Financial Issuance Unauthenticated .NET Remoting Exposure Vulnerability

Vulnerability

A vulnerability exists in Entrust Instant Financial Issuance (IFI) On-Premise software, specifically in versions 5.x, prior to 6.10.5, and prior to 6.11.1. The issue arises from an insecure .NET Remoting exposure in the Legacy Remoting Service, which is enabled by default. This service registers a TCP remoting channel with SOAP and binary formatters set to TypeFilterLevel=Full, exposing default ObjectURI endpoints. A remote, unauthenticated attacker with access to the remoting port can invoke the exposed objects to read arbitrary files from the server, manipulate outbound authentication, and potentially achieve arbitrary file writes and remote code execution using known .NET Remoting exploitation techniques. This vulnerability could lead to the disclosure of sensitive installation and service-account information, as well as a compromise of the affected host.

Impact

Exploitation of this vulnerability could result in unauthorized access to files on the server, manipulation of authentication processes, and execution of arbitrary code, leading to a full compromise of the affected host.

Added: Dec 9, 2025, 11:00 PM
Updated: Dec 9, 2025, 11:00 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 7.4
remediation: 0.0
relevance: 1.4
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.