Commvault plugs holes in backup suite that allow remote code execution - Help Net Security

Retrieved on: 2025-08-20 14:47:27

Summary

WatchTowr Labs researchers have identified four critical security vulnerabilities in Commvault's flagship backup and replication suite that could allow unauthenticated attackers to completely compromise on-premises deployments.

These flaws affect core management components and can be chained together to achieve remote code execution, potentially giving attackers complete control over enterprise backup systems. The vulnerabilities impact Commvault versions 11.32.0 through 11.32.101 and 11.36.0 through 11.36.59, making backup data particularly vulnerable to theft or destruction by ransomware operators who historically target backup infrastructure.

  • Password leakage and hard-coded decryption keys enable privilege escalation from low-level accounts to administrator access
  • Argument injection and path traversal flaws allow attackers to inject webshells and execute arbitrary commands remotely
  • Two distinct exploitation chains work against unpatched instances, with one requiring unchanged default passwords
  • Immediate updates to versions 11.32.102, 11.36.60, or 11.38.32 are essential for protection against these enterprise-grade threats

Article found on: www.helpnetsecurity.com
