CVE-2024-13976 Information

Description

A DLL injection vulnerability exists in Commvault for Windows 11.20.0 11.28.0 11.32.0 11.34.0 and 11.36.0. During the installation of maintenance updates an attacker with local access may exploit uncontrolled search path or DLL loading behavior to execute arbitrary code with elevated privileges. The vulnerability has been resolved in versions 11.20.202 11.28.124 11.32.65 11.34.37 and 11.36.15.

Reference

https://documentation.commvault.com/securityadvisories/CV_2024_09_2.html https://www.vulncheck.com/advisories/commvault-for-windows-maintenance-installer-dll-injection

Related CNNVD

CNNVD-202507-3282 (Published: 2025-07-25)