CVE-2017-18044

CRITICAL

Commvault < 11.0 - OS Command Injection

Title source: rule

Description

A Command Injection issue was discovered in ContentStore/Base/CVDataPipe.dll in Commvault before v11 SP6. A certain message parsing function inside the Commvault service does not properly validate the input of an incoming string before passing it to CreateProcess. As a result, a specially crafted message can inject commands that will be executed on the target operating system. Exploitation of this vulnerability does not require authentication and can lead to SYSTEM level privilege on any system running the cvd daemon. This is a different vulnerability than CVE-2017-3195.

Exploits (2)

nomisec WORKING POC 4 stars

by securifera · poc

https://github.com/securifera/CVE-2017-18044-Exploit

View Code ZIP pw:eip

metasploit WORKING POC GOOD

by b0yd · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/commvault_cmd_exec.rb

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory] https://github.com/rapid7/metasploit-framework/pull/9340

[Third Party Advisory] https://github.com/rapid7/metasploit-framework/pull/9389

[Third Party Advisory] https://www.securifera.com/advisories/sec-2017-0001/

Scores

CVSS v3 9.8

EPSS 0.8265

EPSS Percentile 99.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (2)

commvault/commvault 11.0 sp1 (5 CPE variants)

commvault/commvault < 11.0

Published Jan 19, 2018

Tracked Since Feb 18, 2026