CVE-2024-13976
HIGH
Commvault for Windows <11.20.0-11.36.0 - Code Injection
Title source: llm
Description
A DLL injection vulnerability exists in Commvault for Windows 11.20.0, 11.28.0, 11.32.0, 11.34.0, and 11.36.0. During the installation of maintenance updates, an attacker with local access may exploit uncontrolled search path or DLL loading behavior to execute arbitrary code with elevated privileges. The vulnerability has been resolved in versions 11.20.202, 11.28.124, 11.32.65, 11.34.37, and 11.36.15.
Scores
CVSS v4: 8.5
EPSS: 0.0003
EPSS Percentile: 8.0%
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-427
Status: published
Products (5)
Commvault/Commvault for Windows: 11.20.0 - 11.20.202
Commvault/Commvault for Windows: 11.28.0 - 11.28.124
Commvault/Commvault for Windows: 11.32.0 - 11.32.65
Commvault/Commvault for Windows: 11.34.0 - 11.34.37
Commvault/Commvault for Windows: 11.36.0 - 11.36.15
Published: Jul 25, 2025
Tracked Since: Feb 18, 2026