CyberSec.Space Logo
Back to CVE Browser

CVE-2017-17412

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0860%
EPSS Percentile16.84th
PublishedFeb 8, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of GET method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute arbitrary code in the context of the underlying database. Was ZDI-CAN-4223.

Affected Platforms (CPE)

📦
Quest

Netvault Backup

= 11.3.0.12

References & Advisories

🔗 https://zerodayinitiative.com/advisories/ZDI-17-974
🔗 https://zerodayinitiative.com/advisories/ZDI-17-974

Related Vulnerabilities

CVE-2015-406710.0

Integer overflow in the libnv6 module in Dell NetVault Backup before 10.0.5 allows remote attackers to execute arbitrary code via ...

CVE-2017-174159.8

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.1...

CVE-2017-174169.8

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.1...

CVE-2017-174149.8

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.1...