
Critical Commvault SSRF allows attackers to execute code remotely

Commvault is a widely used data protection, backup and recovery software platform whose users include Amazon, Walmart, and Apple. A flaw in it can undermine an organization’s backup operations and open the door to unauthorized access, lateral movement, and the deployment of malware and unwanted software.

SSRF defect upgraded to code execution

WatchTowr Labs researcher Sonny MacDonald reported the vulnerability as a server-side request forgery (SSRF) issue in the Deploywebpackage.do endpoint. MacDonald calls it a “very simple pre-auth SSRF vulnerability, because there is no filtering restricting which hosts it can communicate with.”

“The SSRF vulnerability is hard to detect, but can cause significant damage,” said Thomas Richards, Director of Security Business at Black Duck. “Commvault users should immediately patch their installation and start a forensic check to determine whether their instance has been exploited. If the instance is exposed to the Internet, firewall restrictions should be put in place to control who can access it.”

SSRF (a flaw that lets an attacker trick the server into making requests to internal or external systems on the attacker's behalf) does not by itself allow code execution. In this case, however, MacDonald built a proof-of-concept exploit showing how this pre-authentication SSRF can be escalated to remote code execution (RCE).
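The control the researcher says is missing, a filter on which hosts the server is allowed to contact, looks like this in outline. This is an added defensive example, not Commvault's code; the allowlisted hostname, the blocked ranges and the resolver stub used for testing are constructed.

```python
"""Destination allow-listing for server-side fetches (added example).

Before a server fetches a URL on a caller's behalf, the target host is
checked against an allowlist and every address it resolves to is checked
against internal ranges. Names and ranges here are constructed.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed allowlist: the only hosts the server may fetch from.
ALLOWED_HOSTS = {"packages.example-vendor.invalid"}

# Ranges an outbound fetch must never reach: loopback, RFC 1918,
# link-local (cloud metadata lives here), unspecified, IPv6 equivalents.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "0.0.0.0/8", "::1/128", "fc00::/7", "fe80::/10",
)]


def _resolve(host, resolver=socket.getaddrinfo):
    """Return every address the name maps to (scope ids stripped).
    A permitted-looking name can still point at an internal address."""
    try:
        infos = resolver(host, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0].split("%")[0] for info in infos})


def check_fetch_target(url, resolver=socket.getaddrinfo):
    """Return (allowed, reason). Only http(s) to an allowlisted host whose
    resolved addresses all fall outside BLOCKED_NETWORKS is permitted."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not permitted"
    host = parts.hostname
    if not host:
        return False, "no host in URL"
    # Allowlist on the literal host first, so IP literals are rejected
    # before any name resolution happens.
    if host not in ALLOWED_HOSTS:
        return False, f"host {host!r} not in allowlist"
    addrs = _resolve(host, resolver)
    if not addrs:
        return False, f"host {host!r} did not resolve"
    for addr in addrs:
        if any(ipaddress.ip_address(addr) in n for n in BLOCKED_NETWORKS):
            return False, f"{host!r} resolves to internal address {addr}"
    # Caveat: the fetch itself should reuse these addresses rather than
    # resolve the name again, or a DNS change between check and use wins.
    return True, "ok"
```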
