SERVER-OTHER -- Snort has detected traffic exploiting vulnerabilities in a server in the network.
SERVER-OTHER Commvault Communications Service command injection attempt
This event is generated when command injection is attempted against the cvd.exe service in Commvault V11 SP5 and prior, which runs on TCP port 8400.
Impact: Attempted Administrator Privilege Gain
Details: Message type 9 in the cvd.exe service of Commvault V11 SP5 and prior is vulnerable to a command injection attack. Based on the public Metasploit modules for this vulnerability, cvd.exe executes the commands when the input data is more than 346 bytes. This exploit has been tested on Windows systems only.
Ease of Attack: Simple. An attacker can use the public exploit module to exploit this vulnerability. Because cvd.exe runs with SYSTEM-level privileges, the commands can be executed as SYSTEM.
No information provided
No public information
No known false positives
Cisco Talos Intelligence Group
No rule groups
None
No information provided
None