CVE-2024-13975
HIGH
Commvault for Windows <11.32.0-11.36.0 - Privilege Escalation
Title source: llm
Description
A local privilege escalation vulnerability exists in Commvault for Windows versions 11.20.0, 11.28.0, 11.32.0, 11.34.0, and 11.36.0. In affected configurations, a local attacker who owns a client system with the file server agent installed can compromise any assigned Windows access nodes. This may allow unauthorized access or lateral movement within the backup infrastructure. The issue has been resolved in versions 11.32.60, 11.34.34, and 11.36.8.
References (2)
Core References
Third Party Advisory (third-party-advisory): https://www.vulncheck.com/advisories/commvault-for-windows-access-nodes-compromise
Various Sources (vendor-advisory, patch): https://documentation.commvault.com/securityadvisories/CV_2024_09_1.html
Scores
CVSS v4: 8.5
EPSS: 0.0011
EPSS Percentile: 1.8%
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-269
Status: published
Products (5)
Commvault/Commvault: 11.20.0 - 11.32.60
Commvault/Commvault: 11.28.0 - 11.32.60
Commvault/Commvault: 11.32.0 - 11.32.60
Commvault/Commvault: 11.34.0 - 11.34.34
Commvault/Commvault: 11.36.0 - 11.36.8
Published: Jul 25, 2025
Tracked Since: Feb 18, 2026