Platform: other
Component: commvault-commcell
Fixed version: 11.22.23
CVE-2021-34993 describes a critical authentication bypass vulnerability in Commvault CommCell versions up to 11.22.22. This flaw allows attackers to bypass authentication controls and potentially gain unauthorized access to the system. The vulnerability resides within the CVSearchService and stems from insufficient validation before authentication. Commvault has released a patch to address this issue.
The impact of CVE-2021-34993 is severe due to the ease of exploitation and the potential for widespread compromise. An attacker can leverage this vulnerability to gain unauthorized access to CommCell environments without needing valid credentials. This could lead to data breaches, data manipulation, system disruption, and potentially lateral movement within the network. Successful exploitation could allow an attacker to access sensitive data stored and managed by CommCell, including backups and recovery information. The lack of authentication requirements significantly lowers the barrier to entry for malicious actors.
CVE-2021-34993 was disclosed publicly on January 13, 2022. It is considered a high-priority vulnerability due to its critical severity and ease of exploitation. While no active exploitation campaigns have been publicly confirmed, the lack of authentication requirements makes it an attractive target for attackers. The vulnerability was initially reported to Commvault as ZDI-CAN-13706. It has not been added to the CISA KEV catalog as of this writing.
Organizations heavily reliant on Commvault CommCell for backup and recovery are particularly at risk. Environments with legacy CommCell deployments or those lacking robust network segmentation are also more vulnerable. Shared hosting environments where multiple tenants share a CommCell instance could expose all tenants to this vulnerability.
• windows / server: Monitor CommCell service accounts for unusual activity. Check event logs for authentication failures followed by successful access. Use Sysinternals tools (e.g., Process Monitor) to observe network connections to the CVSearchService.

    # Event 4625 = failed logon; Get-WinEvent takes -FilterHashtable, not -Filter.
    # Match the service name in the full message text rather than in Properties[0] (the subject SID).
    Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4625} -MaxEvents 100 | Where-Object {$_.Message -like '*CVSearchService*'}

• linux / server: Monitor CommCell service user accounts for unusual login attempts. Review auditd logs for authentication failures followed by successful access. Use lsof to identify processes accessing the CVSearchService.

    lsof -i :8080   # Assuming CVSearchService uses port 8080

• generic web: Monitor access logs for requests to the CVSearchService endpoint without authentication headers. Look for unusual user agents or IP addresses.

    grep -i 'CVSearchService' /var/log/apache2/access.log
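The "authentication failures followed by successful access" pattern from the detection notes above, worked through as an added example that is not code from the original page or from Commvault: it correlates a burst of failed logons with a later success for the same account and source, scoped to events that mention the CVSearchService. The LogonEvent fields, the Finding type and the sample records are assumptions constructed for this example; on a real host the events would come from Get-WinEvent (4625/4624) on Windows or from auditd on Linux.

```python
"""Flag authentication failures followed by a success for the same account and source.

Added example, not code from the original page or from Commvault. The LogonEvent
fields and the sample records below are assumptions constructed for this example.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Iterable, List, Optional


@dataclass(frozen=True)
class LogonEvent:
    time: datetime
    event_id: int      # Windows Security log: 4625 = failed logon, 4624 = successful logon
    account: str       # account the logon was attempted for
    source_ip: str     # network address the attempt came from
    process: str       # logon process / service name as it appears in the event message


# Constructed sample telemetry for this example (not real data).
SAMPLE_EVENTS: List[LogonEvent] = [
    # three failures then a success from the same source within seconds: suspicious
    LogonEvent(datetime(2022, 1, 14, 9, 0, 5), 4625, "svc_commvault", "10.0.0.25", "CVSearchService"),
    LogonEvent(datetime(2022, 1, 14, 9, 0, 7), 4625, "svc_commvault", "10.0.0.25", "CVSearchService"),
    LogonEvent(datetime(2022, 1, 14, 9, 0, 9), 4625, "svc_commvault", "10.0.0.25", "CVSearchService"),
    LogonEvent(datetime(2022, 1, 14, 9, 0, 12), 4624, "svc_commvault", "10.0.0.25", "CVSearchService"),
    # one typo followed by a success on an unrelated interactive logon: benign
    LogonEvent(datetime(2022, 1, 14, 10, 2, 0), 4625, "alice", "10.0.0.40", "User32"),
    LogonEvent(datetime(2022, 1, 14, 10, 2, 30), 4624, "alice", "10.0.0.40", "User32"),
    # failures with no success: noisy, but not the pattern this check is after
    LogonEvent(datetime(2022, 1, 14, 11, 0, 0), 4625, "svc_commvault", "10.0.0.99", "CVSearchService"),
    LogonEvent(datetime(2022, 1, 14, 11, 0, 1), 4625, "svc_commvault", "10.0.0.99", "CVSearchService"),
    # a success whose preceding failures fall outside the window: not flagged
    LogonEvent(datetime(2022, 1, 14, 12, 0, 0), 4625, "svc_commvault", "10.0.0.50", "CVSearchService"),
    LogonEvent(datetime(2022, 1, 14, 12, 0, 1), 4625, "svc_commvault", "10.0.0.50", "CVSearchService"),
    LogonEvent(datetime(2022, 1, 14, 12, 30, 0), 4624, "svc_commvault", "10.0.0.50", "CVSearchService"),
]


@dataclass(frozen=True)
class Finding:
    account: str
    source_ip: str
    failure_count: int
    success_time: datetime


def find_failure_then_success(
    events: Iterable[LogonEvent],
    min_failures: int = 2,
    window: timedelta = timedelta(minutes=5),
    service_filter: Optional[str] = "CVSearchService",
) -> List[Finding]:
    """Return one Finding per successful logon that was preceded by at least
    min_failures failed logons for the same (account, source_ip) inside `window`.
    Events whose process field does not mention service_filter are ignored
    (pass None to correlate every logon event)."""
    pending: dict = {}            # (account, source_ip) -> timestamps of recent failures
    findings: List[Finding] = []
    for ev in sorted(events, key=lambda e: e.time):
        if service_filter and service_filter.lower() not in ev.process.lower():
            continue
        key = (ev.account, ev.source_ip)
        failures = pending.setdefault(key, [])
        # drop failures that have aged out of the correlation window
        failures[:] = [t for t in failures if ev.time - t <= window]
        if ev.event_id == 4625:
            failures.append(ev.time)
        elif ev.event_id == 4624:
            if len(failures) >= min_failures:
                findings.append(Finding(ev.account, ev.source_ip, len(failures), ev.time))
            failures.clear()      # a success ends the streak either way
    return findings


if __name__ == "__main__":
    for f in find_failure_then_success(SAMPLE_EVENTS):
        print(f"{f.success_time:%Y-%m-%d %H:%M:%S} {f.account}@{f.source_ip}: "
              f"{f.failure_count} failed logons then a success; review this session")
```

Run against the constructed sample, only the 10.0.0.25 sequence is reported; the lone typo, the failure-only burst and the stale failures before the 12:30 success are all left out. The window and failure threshold are the knobs to tune against a site's normal service-account behaviour before turning the output into an alert.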
Exploitation status: no active exploitation publicly confirmed
EPSS: 0.46% (64th percentile)
CVSS vector: not listed
The primary mitigation for CVE-2021-34993 is to upgrade Commvault CommCell to a patched version. Refer to the Commvault advisory for the specific fixed version. If immediate patching is not possible due to compatibility concerns or testing requirements, consider implementing network segmentation to restrict access to the CommCell server. Review and strengthen existing access controls and monitoring to detect any suspicious activity. While a WAF cannot directly prevent this authentication bypass, it can help detect and block malicious requests targeting the vulnerable endpoint. After upgrading, verify the fix by attempting to access the CVSearchService without providing valid credentials; access should be denied.
Update Commvault CommCell to a version later than 11.22.22 to fix the authentication bypass vulnerability in the CVSearchService. See the vendor website for specific update instructions.
CVE-2021-34993 is a critical vulnerability allowing attackers to bypass authentication in Commvault CommCell versions up to 11.22.22, potentially granting unauthorized access.
If you are running Commvault CommCell version 11.22.22 or earlier, you are potentially affected by this vulnerability. Upgrade to a patched version as soon as possible.
The recommended fix is to upgrade Commvault CommCell to a version containing the security patch released by Commvault. Refer to the official Commvault advisory for details.
While no active exploitation campaigns have been publicly confirmed, the ease of exploitation makes it a potential target. Continuous monitoring is recommended.
Refer to the Commvault security advisory for CVE-2021-34993 on the Commvault website: [https://www.commvault.com/support/security/advisories/sb23001-cve-2021-34993](https://www.commvault.com/support/security/advisories/sb23001-cve-2021-34993)