Platform
windows
Component
commvault
Fixed in
11.32.60
11.32.60
11.32.60
11.34.34
11.36.8
CVE-2024-13975 describes a local privilege escalation vulnerability within the Commvault File Server Agent. Successful exploitation allows a local attacker to compromise assigned Windows access nodes, potentially leading to unauthorized access and lateral movement within the backup infrastructure. This vulnerability impacts Commvault File Server Agent versions 11.20.0 through 11.36.0. Patches are available in versions 11.32.60, 11.34.34, and 11.36.8.
The impact of CVE-2024-13975 is significant, as it allows a local attacker, possessing only client system access, to escalate privileges and potentially compromise the entire Commvault backup infrastructure. An attacker could leverage this vulnerability to gain unauthorized access to sensitive data stored within backups, modify backup configurations, or disrupt backup operations. Lateral movement becomes possible, allowing the attacker to move between access nodes and potentially gain control of the Commvault server itself. This vulnerability shares similarities with other local privilege escalation exploits, where attackers exploit weaknesses in system services or drivers to gain elevated privileges.
CVE-2024-13975 was published on 2025-07-25. The EPSS score is pending evaluation. Currently, no public proof-of-concept exploits are publicly available. It is not listed on the CISA KEV catalog at the time of writing. Given the local nature of the vulnerability and the potential for significant impact, organizations should prioritize patching.
Exploit Status
EPSS
0.02% (6% percentile)
CISA SSVC
The primary mitigation for CVE-2024-13975 is to upgrade the Commvault File Server Agent to a patched version: 11.32.60, 11.34.34, or 11.36.8. If an immediate upgrade is not feasible, consider implementing stricter access controls on the client systems hosting the agent to limit the potential impact of a successful attack. Review and harden the permissions granted to the agent's service account. While a WAF or proxy cannot directly mitigate this local privilege escalation, network segmentation can limit lateral movement if the agent is compromised. After upgrading, verify the fix by attempting to reproduce the vulnerability using known exploitation techniques and confirming that the privilege escalation is prevented.
Actualice Commvault a la versión 11.32.60, 11.34.34 o 11.36.8, o a una versión posterior. Esto corrige la vulnerabilidad de escalada de privilegios local. Consulte el aviso de seguridad de Commvault para obtener más detalles e instrucciones.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2024-13975 is a vulnerability allowing a local attacker to escalate privileges within the Commvault File Server Agent, potentially compromising the entire backup infrastructure.
You are affected if you are running Commvault File Server Agent versions 11.20.0 through 11.36.0. Upgrade to a patched version to mitigate the risk.
Upgrade the Commvault File Server Agent to version 11.32.60, 11.34.34, or 11.36.8. Implement stricter access controls as an interim measure.
Currently, there are no confirmed reports of active exploitation, but the vulnerability's potential impact warrants immediate attention and patching.
Refer to the official Commvault security advisory for detailed information and patching instructions. Check the Commvault support portal for the latest updates.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.