What is CVE-2017-18044?

CVE-2017-18044 is a vulnerability in N/a. Published 2018-01-19.

Is CVE-2017-18044 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2017-18044

A Command Injection issue was discovered in ContentStore/Base/CVDataPipe.dll in Commvault before v11 SP6. A certain message parsing function inside the Commvault service does not properly validate the input of an incoming string before pas…

EPSS: 0.826 (99.3th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

securifera/CVE-2017-18044-Exploit
rapid7/metasploit-framework

References

github.com/rapid7/metasploit-framework/pull/9389 (x_refsource_MISC)
github.com/rapid7/metasploit-framework/pull/9340 (x_refsource_MISC)
www.securifera.com/advisories/sec-2017-0001/ (x_refsource_MISC)

Frequently asked questions

What is CVE-2017-18044?: CVE-2017-18044 is a vulnerability in N/a. Published 2018-01-19.
Is CVE-2017-18044 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.