Advisory Details

November 22nd, 2021

Commvault CommCell AppStudioUploadHandler Arbitrary File Upload Remote Code Execution Vulnerability

ZDI-21-1332
ZDI-CAN-13894

CVE ID CVE-2021-34997
CVSS SCORE 8.8, AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AFFECTED VENDORS Commvault
AFFECTED PRODUCTS CommCell
VULNERABILITY DETAILS

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.

The specific flaw exists within the AppStudioUploadHandler class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE.

ADDITIONAL DETAILS

Fixed in Version 11.25


DISCLOSURE TIMELINE
  • 2021-06-30 - Vulnerability reported to vendor
  • 2021-11-22 - Coordinated public release of advisory
CREDIT kpc
BACK TO ADVISORIES