Commvault warns of critical Command Center flaw

Pre-authentication increases exploitability: Heath Renfrow, CISO and co-founder at FEnix24, told CSO that the vulnerability is both “technically serious” and “operationally significant” for organizations, for a number of reasons.

For starters, it enables pre-authentication exploitation, meaning that it can be triggered before any authentication is required, leading to high exploitability without the need for credentials. Additionally, the flaw exposes high-value targets owing to Commvault’s popularity. “Commvault is often deployed in environments managing critical infrastructure and disaster recovery,” Renfrow said. “A compromise here could impact not just data integrity but also a company’s ability to recover from ransomware or system failure, turning a single flaw into a multi-vector crisis.”

In its description of the flaw, Commvault said the vulnerability could lead to a complete compromise of the Command Center environment, although other installations within the same system are not affected. The CVSS 9.0 vulnerability affecting versions 11.38.0 and 11.38.19 was fixed by the company earlier this month, and patches were rolled out with the 11.38.20 update.

Isolating the Command Center installation from external network access is a workaround users can implement if updating isn’t an option for them, Commvault said.

First seen on csoonline.com

Jump to article: www.csoonline.com/article/3970946/critical-commvault-ssrf-could-allow-attackers-to-execute-code-remotely.html
