Article ID: 63264
Article Type: Troubleshooting
Last Modified:
There is a security vulnerability with viewing log files for Commvault Service Pack 14, Service Pack 15, Service Pack 16, Service Pack 17, and Service Pack 18.
The protocol used for the View Log Files operation can be exploited to traverse outside of the Log Files folder, allowing the contents of the file system to be viewed and downloaded.
An attacker can create a custom application that uses the view log files protocol. The log file path in the request can be manipulated to use relative paths containing dot dot (..) (for example: C:\Program Files\Commvault\ContentStore\Log Files\..\..\..\..\secret.txt). This allows the application to traverse the file system to view and download files. Files are fetched using the AUTHORITY/SYSTEM account, so any file is accessible to an attacker.
The following hotfix packs, dated March 12, 2020, contain a fix for a security vulnerability that is related to viewing log files in the CommCell environment. With this fix, viewing log files is limited to the log files folder only.
Note: The security vulnerability does not exist in Feature Release 11.19 and later feature releases.
To fix the security vulnerability, download and install the hotfix pack, dated March 12, 2020 (or later), for your service pack level on all of the clients in the CommCell environment.
| Service Pack | Hotfix Pack Number |
|---|---|
| SP14 | 14.68 |
| SP15 | 15.58 |
| SP16 | 16.44 |
| SP17 | 17.29 |
| SP18 | 18.13 |
Discovered by Ron Lifinski, Offensive Security Researcher at Novartis TLV Cyber Center as posted in the following CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25780
