10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.035 Low
EPSS
Percentile
91.5%
Commvault Edge, version 11 SP6 (11.80.50.0), is vulnerable to a stack-based buffer overflow vulnerability.
CWE-121: Stack-based Buffer Overflow - CVE-2017-3195
A stack based buffer overflow in the Commvault Edge Communication Service (cvd) allows remote attackers to execute arbitrary code via crafted packets, exploiting weaknesses in the key exchange mechanism. Access to TCP port 8400 (by default) on the target machine is necessary to exploit this vulnerability.
An unauthenticated remote attacker can execute arbitrary code with root/SYSTEM privileges.
Apply an update
Commvault has provided fixes in the latest service pack (SP7 and above) to address the vulnerability. SP6 customers can use hotfix 590.
214283
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: January 24, 2017 Updated: March 16, 2017
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | 10 | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Temporal | 7.8 | E:POC/RL:OF/RC:C |
Environmental | 2.0 | CDP:ND/TD:L/CR:ND/IR:ND/AR:ND |
Thanks to Claudio Moletta for reporting this vulnerability.
This document was written by Trent Novelly.
CVE IDs: | CVE-2017-3195 |
---|---|
Date Public: | 2017-03-15 Date First Published: |
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.035 Low
EPSS
Percentile
91.5%