CVE-2024-13975
BaseFortify
Publication date: 2025-07-25
Last updated on: 2025-07-29
Assigner: VulnCheck
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| commvault | commvault | 11.20.0 |
| commvault | commvault | 11.28.0 |
| commvault | commvault | 11.32.0 |
| commvault | commvault | 11.34.0 |
| commvault | commvault | 11.36.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2024-13975 is a local privilege escalation vulnerability in Commvault for Windows versions 11.20.0, 11.28.0, 11.32.0, 11.34.0, and 11.36.0. It affects Windows access nodes used in file server data protection jobs. An attacker who has local access and owns a client system with the file server agent installed can compromise assigned Windows access nodes, potentially gaining unauthorized access or moving laterally within the backup infrastructure. Remote exploitation is not possible. The vulnerability has been fixed in versions 11.32.60, 11.34.34, and 11.36.8. [1, 2]
How can this vulnerability impact me?
This vulnerability can allow a local attacker with limited privileges and the file server agent installed on their client system to compromise Windows access nodes assigned to that agent. This can lead to unauthorized access, lateral movement within the backup infrastructure, and potentially full compromise of confidentiality, integrity, and availability of the affected systems. The attack complexity is low and does not require user interaction. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves verifying if your Commvault Windows access nodes are running affected versions (11.20.0, 11.28.0, 11.32.0, 11.34.0, or 11.36.0) and if the file server agent is installed on client systems. You can check the installed Commvault version on Windows access nodes by running commands like `commvault version` or checking the installed programs via PowerShell: `Get-WmiObject -Class Win32_Product | Where-Object { $_.Name -like '*Commvault*' }`. Additionally, verify if the file server agent service is installed and running using `Get-Service` in PowerShell or `sc query` in Command Prompt. Since exploitation requires local access and file server agent ownership, monitoring local user privileges and installed agents is key. Specific detection commands are not detailed in the provided resources. [1]
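The following PowerShell script is an added example for the inventory check described above; it is not code from BaseFortify, VulnCheck or Commvault. It reads the standard Uninstall registry keys instead of `Win32_Product` (querying that WMI class triggers a consistency check and possible repair of every MSI package on the host, so it is slow and noisy on production nodes), compares the installed version against the fixed maintenance releases listed on this page (11.32.60, 11.34.34, 11.36.8), and lists the Commvault services so you can confirm whether the file server agent is present. Assumptions, labelled in the comments: Commvault registers an Uninstall entry whose DisplayName contains "Commvault" and whose DisplayVersion parses as a dotted version such as `11.32.45`; the service filter matches on a display name containing "Commvault" or a name beginning with `Gx`, because the exact file server agent service name is not given on this page. Run it on each Windows access node and on client systems with the file server agent.

```powershell
# Added example (not from the original page or from Commvault): flag Commvault installs
# that are below the fixed maintenance release for CVE-2024-13975 and list Commvault services.

# Fixed maintenance releases per feature release, as stated on the page.
$FixedVersions = @{
    '11.32' = [version]'11.32.60'
    '11.34' = [version]'11.34.34'
    '11.36' = [version]'11.36.8'
}
# Affected feature releases as stated on the page. 11.20 and 11.28 have no fixed
# maintenance release listed, so any install on them is treated as needing an upgrade.
$AffectedMinor = @('11.20', '11.28', '11.32', '11.34', '11.36')

function Get-CommvaultInstall {
    # Assumption: Commvault registers in the standard Uninstall keys (64-bit and WOW6432Node)
    # with a DisplayName containing "Commvault".
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*Commvault*' } |
        Select-Object DisplayName, DisplayVersion
}

function Test-CommvaultVersionVulnerable {
    # Returns $true (below the fix), $false (fixed or not an affected feature release),
    # or $null when the version string cannot be parsed.
    param([string]$Version)
    if ([string]::IsNullOrWhiteSpace($Version)) { return $null }
    try { $v = [version]$Version } catch { return $null }

    $minor = '{0}.{1}' -f $v.Major, $v.Minor
    if ($minor -notin $AffectedMinor) { return $false }
    if ($FixedVersions.ContainsKey($minor)) { return ($v -lt $FixedVersions[$minor]) }
    return $true   # 11.20.x / 11.28.x: no fixed maintenance release on this page
}

function Get-CommvaultService {
    # Assumption: Commvault services carry "Commvault" in the display name or a "Gx" name prefix.
    Get-Service | Where-Object { $_.DisplayName -like '*Commvault*' -or $_.Name -like 'Gx*' } |
        Select-Object Name, DisplayName, Status
}

$installs = @(Get-CommvaultInstall)
if ($installs.Count -eq 0) {
    Write-Output 'No Commvault entry found in the Uninstall registry keys on this host.'
}
foreach ($install in $installs) {
    $result = Test-CommvaultVersionVulnerable -Version $install.DisplayVersion
    if ($null -eq $result) {
        $status = 'version string not parseable; check manually'
    } elseif ($result) {
        $status = 'VULNERABLE: below the fixed maintenance release, upgrade'
    } else {
        $status = 'fixed release or not in the affected list'
    }
    Write-Output ('{0} {1}: {2}' -f $install.DisplayName, $install.DisplayVersion, $status)
}

Write-Output ''
Write-Output 'Commvault services on this host (presence of the file server agent):'
Get-CommvaultService | Format-Table -AutoSize
```

The version comparison uses `[version]` so that `11.32.45` sorts below `11.32.60` and `11.36.10` sorts above `11.36.8`; string comparison would get both wrong. A host that reports a Commvault version whose feature release is not in the affected list is reported as not affected by this record only, not as clean in general.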
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade affected Commvault Windows access nodes to the fixed versions: 11.32.60, 11.34.34, or 11.36.8, depending on your current version. Installing the specified minimum maintenance release corresponding to your platform version will resolve the vulnerability. Since remote exploitation is not possible, limiting local access and ensuring only authorized users have file server agent ownership can also reduce risk. [1]