HTTP: Commvault CommCell CVSearchService downLoadFile Authentication Bypass

This signature detects attempts to exploit a known vulnerability against Commvault CommCell. A successful attack can lead to security bypass.

Extended Description

This vulnerability allows remote attackers to bypass authentication on affected installations of Commvault CommCell 11.22.22. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CVSearchService service. The issue results from the lack of proper validation prior to authentication. An attacker can leverage this vulnerability to bypass authentication on the system. Previously tracked as ZDI-CAN-13706.

Affected Products

Commvault CommCell

References

CVE: CVE-2021-34993

Short Name: HTTP:CTS:COMMVAULT-AUTH-BYPASS
Severity: Major
Recommended: False
Recommended Action: Drop
Category: HTTP
Keywords: Authentication Bypass CVE-2021-34993 CVSearchService CommCell Commvault downLoadFile
Release Date: 12/30/2021
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3459
False Positive: Unknown
Vendors

Commvault

CVSS Score

7.5
