CVSS: 10.0 • EPSS: 3% • CPEs: 7 • EXPL: 1

Commvault Edge Communication Service (cvd) prior to version 11 SP7 or version 11 SP6 with hotfix 590 is prone to a stack-based buffer overflow vulnerability that could lead to arbitrary code execution with administrative privileges.

• https://www.exploit-db.com/exploits/41823
• http://kb.commvault.com/article/SEC0013
• http://redr2e.com/commvault-edge-cve-2017-3195
• http://www.securityfocus.com/bid/96941
• https://www.kb.cert.org/vuls/id/214283
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-121: Stack-based Buffer Overflow

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

The Web Console in Commvault Edge Server 10 R2 allows remote attackers to execute arbitrary OS commands via crafted serialized data in a cookie.

• http://www.kb.cert.org/vuls/id/866432
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')