Commvault Communication Service (CVD) Command Injection Vulnerability

Article ID: CVD0006

Reference

A vulnerability exists in the cvd.exe service that allows an attacker to execute arbitrary commands in the context of the service. The Metasploit identification of the vulnerability is reported here.

This vulnerability was addressed in Service Pack 7 for Commvault software Version 11 and Service Pack 15 for Version 10. Commvault software administrators are encouraged to install the service packs listed above or the latest available service pack for the applicable software version.