Commvault is a widely used data protection, backup, and recovery software platform, with customers including Amazon, Walmart, and Apple. A breach of it can disrupt an organization's backup operations and enable unauthorized access, lateral movement, and deployment of malware and ransomware.
SSRF flaw escalated to code execution
The vulnerability was reported by watchTowr Labs researcher Sonny Macdonald as a server-side request forgery (SSRF) issue in a pre-authenticated endpoint called deployWebpackage.do. Macdonald called it a “very simple pre-auth SSRF vulnerability, as there is no filtering limiting the hosts that can be communicated with.”
“SSRF vulnerabilities are somewhat difficult to find, but they can cause significant damage,” said Thomas Richards, infrastructure security practice director at Black Duck. “Users of Commvault should patch their installation immediately and begin a forensic examination to determine if their instance was exploited. If the instance was exposed to the internet at all, firewall restrictions should be put in place to control who can access it.”
SSRF, a flaw that lets an attacker trick a server into making unauthorized requests to internal or external systems of the attacker's choosing, does not by itself allow code execution. In this particular case, however, Macdonald built a proof-of-concept exploit showing how this pre-authenticated SSRF could be escalated to remote code execution (RCE).