Commvault Edge (CVE-2017-3195)

Affected software: Commvault Edge 11 SP6

A stack-based buffer overflow in the Commvault Edge Communication Service (cvd) allows remote attackers to execute arbitrary code via crafted packets that exploit weaknesses in the key exchange mechanism. Exploitation requires access to TCP port 8400 (the default) on the target machine.

An unauthenticated remote attacker can execute arbitrary code with root/SYSTEM privileges.

http://kb.commvault.com/article/SEC0013

https://www.kb.cert.org/vuls/id/214283

https://www.exploit-db.com/exploits/41823/
