CVE-2017-3195

CRITICAL

Commvault Edge < 11 SP7 or 11 SP6 < Hotfix 590 - Stack-Based Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-3195. PoCs published by redr2e.

AI-analyzed exploit summary This exploit targets CVE-2017-3195, a buffer overflow vulnerability in the SSL VPN service of a specific software. It sends three crafted packets to trigger the overflow, potentially leading to remote code execution.

Description

Commvault Edge Communication Service (cvd) prior to version 11 SP7 or version 11 SP6 with hotfix 590 is prone to a stack-based buffer overflow vulnerability that could lead to arbitrary code execution with administrative privileges.

Exploits (1)

exploitdb WORKING POC

by redr2e · pythondoswindows

https://www.exploit-db.com/exploits/41823

View Code ZIP pw:eip

This exploit targets CVE-2017-3195, a buffer overflow vulnerability in the SSL VPN service of a specific software. It sends three crafted packets to trigger the overflow, potentially leading to remote code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Unknown (likely a specific SSL VPN implementation)

No auth needed

Prerequisites: Network access to the target service on port 8400

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Patch, Vendor Advisory x_refsource_confirm

http://kb.commvault.com/article/SEC0013

Third Party Advisory x_refsource_misc

http://redr2e.com/commvault-edge-cve-2017-3195/

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/41823/

Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn

https://www.kb.cert.org/vuls/id/214283

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/96941

Scores

CVSS v3 9.8

EPSS 0.2139

EPSS Percentile 97.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-119 CWE-121

Status published

Products (3)

commvault/edge 11.0.0 (7 CPE variants)

Commvault/Service Pack 6 Version 11 prior to SP7

Commvault/Service Pack 6 version 11 SP6 prior to hotfix 590

Published Dec 16, 2017

Tracked Since Feb 18, 2026