Commvault is a widely used data protection, backup, and recovery software platform, with customers including Amazon, Walmart, and Apple. If it is breached, an attacker can disrupt an organization's backup operations and gain a foothold for unauthorized access, lateral movement, and deployment of malware and ransomware.
SSRF flaw escalated to code execution
The vulnerability was reported by watchTowr Labs researcher Sonny Macdonald as a server-side request forgery (SSRF) issue in a pre-authenticated endpoint called deployWebpackage.do. Macdonald called it a "very simple pre-auth SSRF vulnerability, as there is no filtering restricting the hosts that can be communicated with."
"SSRF vulnerabilities are somewhat difficult to discover, but they can cause significant damage," said Thomas Richards, infrastructure security practice director at Black Duck. "Users of Commvault should patch their installation immediately and begin forensic examination to determine if their instance was exploited. If the instance was exposed to the internet at all, firewall restrictions should be put in place to control who can access it."
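A first-pass triage for the forensic examination Richards recommends, written as an added example for this article (it is not Commvault's tooling or the researcher's code): it scans web server access logs for requests to the pre-authenticated deployWebpackage.do endpoint and notes whether each source address lies outside RFC 1918 space, which is the quickest way to answer "was the instance reachable from the internet, and did anyone touch the endpoint". It assumes the logs are in Apache/Tomcat common access log format; the sample lines, the URL prefix and the addresses in them are constructed.

```python
"""Triage access logs for hits on a pre-authenticated endpoint.

Added example, not code from the article or from Commvault. Assumes
Apache/Tomcat common log format. Sample data below is constructed.
"""
from __future__ import annotations

import ipaddress
import re
from collections import defaultdict

# Constructed sample log (not real traffic). 198.51.100.0/24 is a
# documentation range used here to stand in for an internet-facing source.
SAMPLE_LOG = """\
10.1.2.3 - - [20/Apr/2025:10:01:02 +0000] "GET /console/ HTTP/1.1" 200 5120
10.1.2.3 - - [20/Apr/2025:10:01:05 +0000] "POST /console/deployWebpackage.do HTTP/1.1" 200 312
198.51.100.77 - - [20/Apr/2025:10:05:41 +0000] "POST /console/deployWebpackage.do HTTP/1.1" 200 298
198.51.100.77 - - [20/Apr/2025:10:05:42 +0000] "POST /console/deployWebpackage.do?x=1 HTTP/1.1" 500 0
10.1.2.9 - - [20/Apr/2025:10:07:00 +0000] "GET /console/login.jsp HTTP/1.1" 200 4096
"""

# Common log format: ip ident user [timestamp] "METHOD path proto" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# "Internal" here means RFC 1918 plus loopback and link-local; anything else
# is treated as reachable from outside the perimeter.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_line(line: str) -> dict | None:
    """Return the fields of one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def triage(log_text: str, endpoint: str = "deployWebpackage.do") -> list[dict]:
    """Every request whose path (query string stripped) ends in `endpoint`."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["path"].split("?", 1)[0].endswith(endpoint):
            rec["external"] = not is_internal(rec["ip"])
            hits.append(rec)
    return hits


def summarize(hits: list[dict]) -> dict[str, dict]:
    """Per-source request count and whether the source was external."""
    out: dict[str, dict] = defaultdict(lambda: {"requests": 0, "external": False})
    for h in hits:
        out[h["ip"]]["requests"] += 1
        out[h["ip"]]["external"] = h["external"]
    return dict(out)


if __name__ == "__main__":
    for ip, info in summarize(triage(SAMPLE_LOG)).items():
        flag = "EXTERNAL" if info["external"] else "internal"
        print(f"{ip:16} {info['requests']:3} request(s) to deployWebpackage.do  [{flag}]")
```

External sources with any hits on the endpoint are the ones to pull full request bodies, outbound connection logs, and file-system timelines for; internal hits still need explaining, but a legitimate administrator is a plausible cause.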
SSRF, a flaw that lets an attacker trick a server into making requests on the attacker's behalf to internal or external systems, does not by itself allow code execution. In this particular case, however, Macdonald built a PoC exploit to show how this pre-authenticated SSRF could be escalated to RCE.
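The root cause the researcher describes is a server-side fetch with no restriction on the destination host. As an added example (not Commvault's code and not the researcher's PoC), the following shows that pattern next to a hardened version: the flawed handler accepts any http(s) URL, so the caller can point the server at loopback, link-local metadata addresses or internal hosts; the hardened one requires the host to be on an explicit allowlist, resolves it, rejects any non-public answer, and returns the resolved address so the caller connects to the checked IP rather than re-resolving the name. The allowlist entry and the resolver results used in the test are assumptions made for the example.

```python
"""Server-side fetch target validation: the SSRF-prone pattern vs a hardened one.

Added example, not code from the article or from Commvault. The allowlist
below is constructed for illustration.
"""
from __future__ import annotations

import ipaddress
import socket
from urllib.parse import urlparse

# Hosts a package may be fetched from. Constructed for this example.
ALLOWED_HOSTS = {"packages.example.com"}


def parse_target(url: str) -> tuple[str, int]:
    """The flawed pattern: any syntactically valid http(s) URL is accepted.

    Nothing stops the caller naming 127.0.0.1, 169.254.169.254 or an
    internal hostname, so the server becomes a proxy into its own network.
    """
    u = urlparse(url)
    if u.scheme not in ("http", "https") or not u.hostname:
        raise ValueError("malformed URL")
    return u.hostname.lower(), u.port or (443 if u.scheme == "https" else 80)


def is_disallowed(ip: ipaddress.IPv4Address | ipaddress.IPv6Address) -> bool:
    """Addresses a server-side fetch must never be allowed to reach."""
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def default_resolver(host: str) -> list[str]:
    """All addresses the name resolves to (live DNS; swapped out in tests)."""
    return sorted({r[4][0] for r in socket.getaddrinfo(host, None)})


def hardened_target(url: str, resolver=default_resolver) -> tuple[str, int]:
    """Allowlisted host, every resolved address public, result pinned.

    Returns (ip, port). The caller must connect to that IP, not to the
    hostname again; otherwise a DNS answer that changes between the check
    and the connect (rebinding) undoes the check.
    """
    host, port = parse_target(url)
    if host not in ALLOWED_HOSTS:
        raise PermissionError(f"host not allowlisted: {host}")
    addrs = [ipaddress.ip_address(a) for a in resolver(host)]
    if not addrs or any(is_disallowed(a) for a in addrs):
        raise PermissionError(f"{host} resolves to a non-public address")
    return str(addrs[0]), port


def accepted(url: str, resolver=default_resolver) -> bool:
    """True if the hardened check would let the fetch go ahead."""
    try:
        hardened_target(url, resolver)
        return True
    except (ValueError, PermissionError):
        return False


if __name__ == "__main__":
    # Constructed resolver so the demo runs offline.
    fake_dns = {"packages.example.com": ["93.184.216.34"]}
    for candidate in (
        "https://packages.example.com/pkg.zip",
        "http://127.0.0.1:8080/",
        "http://169.254.169.254/latest/meta-data/",
        "http://10.0.0.5/internal/",
    ):
        print(f"{candidate:48} flawed -> {parse_target(candidate)}  "
              f"hardened -> {'accept' if accepted(candidate, fake_dns.get) else 'reject'}")
```

The two checks that most implementations forget are the resolution step (an allowlisted name can still be pointed at an internal address by whoever controls its DNS) and pinning the result; a host allowlist alone is not enough.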