CVE-2024-13976

Commvault 11.20.0 - 11.36.0 Windows Maintenance Installer DLL Injection

CVSS 8.5 HIGHEPSS 0.2%CWE-427

A DLL injection vulnerability exists in Commvault for Windows 11.20.0, 11.28.0, 11.32.0, 11.34.0, and 11.36.0. During the installation of maintenance updates, an attacker with local access may exploit uncontrolled search path or DLL loading behavior to execute arbitrary code with elevated privileges. The vulnerability has been resolved in versions 11.20.202, 11.28.124, 11.32.65, 11.34.37, and 11.36.15.

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

Commvault · Commvault for Windows

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://documentation.commvault.com/securityadvisories/CV_2024_09_2.html https://www.vulncheck.com/advisories/commvault-for-windows-maintenance-installer-dll-injection