Platform
windows
Component
commvault
Fixed versions
11.32.60
11.34.34
11.36.8
CVE-2024-13975 describes a local privilege escalation vulnerability within the Commvault File Server Agent. Successful exploitation allows a local attacker to compromise assigned Windows access nodes, potentially leading to unauthorized access and lateral movement within the backup infrastructure. This vulnerability impacts Commvault File Server Agent versions 11.20.0 through 11.36.0. Patches are available in versions 11.32.60, 11.34.34, and 11.36.8.
The impact of CVE-2024-13975 is significant, as it allows a local attacker, possessing only client system access, to escalate privileges and potentially compromise the entire Commvault backup infrastructure. An attacker could leverage this vulnerability to gain unauthorized access to sensitive data stored within backups, modify backup configurations, or disrupt backup operations. Lateral movement becomes possible, allowing the attacker to move between access nodes and potentially gain control of the Commvault server itself. This vulnerability shares similarities with other local privilege escalation exploits, where attackers exploit weaknesses in system services or drivers to gain elevated privileges.
CVE-2024-13975 was published on 2025-07-25. The EPSS score is pending evaluation. Currently, no public proof-of-concept exploit is available. It is not listed in the CISA KEV catalog at the time of writing. Given the local nature of the vulnerability and the potential for significant impact, organizations should prioritize patching.
Organizations heavily reliant on Commvault for backup and recovery are at significant risk. Environments with weak access controls on client systems, or those running legacy Commvault File Server Agent versions without regular patching, are particularly vulnerable. Shared hosting environments utilizing Commvault agents also present a heightened risk due to the potential for cross-tenant exploitation.
• windows / supply-chain:
# Locate the running agent binary (process name as given in this advisory)
Get-Process -Name CommvaultFileServerAgent | Select-Object -ExpandProperty Path
• windows / supply-chain:
# Get-WinEvent has no -Filter/-Newest parameters; use -FilterHashtable and -MaxEvents
Get-WinEvent -FilterHashtable @{LogName='Application'; ProviderName='CommvaultFileServerAgent'; Id=1000} -MaxEvents 50
• windows / supply-chain:
# List scheduled tasks created for or by Commvault components
Get-ScheduledTask | Where-Object {$_.TaskName -like '*Commvault*'}
Disclosure
Exploitation status
EPSS
0.02% (6th percentile)
CISA SSVC
The primary mitigation for CVE-2024-13975 is to upgrade the Commvault File Server Agent to a patched version: 11.32.60, 11.34.34, or 11.36.8. If an immediate upgrade is not feasible, consider implementing stricter access controls on the client systems hosting the agent to limit the potential impact of a successful attack. Review and harden the permissions granted to the agent's service account. While a WAF or proxy cannot directly mitigate this local privilege escalation, network segmentation can limit lateral movement if the agent is compromised. After upgrading, verify the fix by attempting to reproduce the vulnerability using known exploitation techniques and confirming that the privilege escalation is prevented.
Update Commvault to version 11.32.60, 11.34.34 or 11.36.8, or a later version. This fixes the local privilege escalation vulnerability. Consult the Commvault security advisory for further details and instructions.
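The affected range (11.20.0 through 11.36.0) and the three fixed builds quoted above can be turned into a repeatable inventory check. The following PowerShell function is an added example, not code from this advisory or from Commvault: it classifies a version string as patched, vulnerable, or outside the stated range, and tells the operator which fixed build applies to that release line. How the version string is obtained (Commvault console, package inventory, registry) is left to the operator and is not taken from this page; the sample inputs at the bottom are constructed. Versions between 11.36.0 and 11.36.8 are not explicitly covered by the advisory text, so the function treats them conservatively as vulnerable.

```powershell
# Added example (not from the advisory or from Commvault): classify an installed
# Commvault File Server Agent version against the ranges stated on this page.
# Affected: 11.20.0 through 11.36.0. Fixed: 11.32.60, 11.34.34, 11.36.8.
# How the version is obtained is an assumption left to the operator; the function
# only takes the version string.

function Test-CommvaultAgentVersion {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Version   # e.g. '11.32.45', as reported by your inventory
    )

    # Fixed builds per feature release, as listed in this advisory.
    $fixed = @{
        32 = [version]'11.32.60'
        34 = [version]'11.34.34'
        36 = [version]'11.36.8'
    }
    $affectedStart = [version]'11.20.0'

    $v = $null
    if (-not [version]::TryParse($Version, [ref]$v)) {
        throw "Not a dotted version string: '$Version'"
    }

    $result = [pscustomobject]@{
        Version   = $v.ToString()
        Status    = ''
        Recommend = ''
    }

    if ($v.Major -ne 11 -or $v -lt $affectedStart) {
        $result.Status    = 'OutOfStatedRange'
        $result.Recommend = 'Version is outside 11.20.0-11.36.x; confirm with the vendor advisory.'
    }
    elseif ($fixed.ContainsKey($v.Minor)) {
        # On a feature release that has a patched build: compare against it.
        if ($v -ge $fixed[$v.Minor]) {
            $result.Status    = 'Patched'
            $result.Recommend = "At or above fixed build $($fixed[$v.Minor])."
        } else {
            $result.Status    = 'Vulnerable'
            $result.Recommend = "Upgrade to $($fixed[$v.Minor]) or later."
        }
    }
    elseif ($v.Minor -gt 36) {
        $result.Status    = 'OutOfStatedRange'
        $result.Recommend = 'Newer than 11.36; not in the affected range stated here.'
    }
    else {
        # 11.20 .. 11.35 without a patched build on that line: move to a fixed line.
        $result.Status    = 'Vulnerable'
        $result.Recommend = 'No fixed build on this release line; upgrade to 11.32.60, 11.34.34 or 11.36.8.'
    }
    return $result
}

# Constructed sample inputs, one per branch of the logic:
'11.20.5', '11.32.45', '11.32.60', '11.34.10', '11.36.8', '11.38.2' |
    ForEach-Object { Test-CommvaultAgentVersion -Version $_ } |
    Format-Table -AutoSize
```

Run it against the version reported by your asset inventory for each Windows access node; the `Status` column separates hosts that still need the upgrade from those already on a fixed build, and the `Recommend` column names the target build for that release line.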
CVE-2024-13975 is a vulnerability allowing a local attacker to escalate privileges within the Commvault File Server Agent, potentially compromising the entire backup infrastructure.
You are affected if you are running Commvault File Server Agent versions 11.20.0 through 11.36.0. Upgrade to a patched version to mitigate the risk.
Upgrade the Commvault File Server Agent to version 11.32.60, 11.34.34, or 11.36.8. Implement stricter access controls as an interim measure.
Currently, there are no confirmed reports of active exploitation, but the vulnerability's potential impact warrants immediate attention and patching.
Refer to the official Commvault security advisory for detailed information and patching instructions. Check the Commvault support portal for the latest updates.