CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2017-17413

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1120%
EPSS Percentile42.47th
Published2018年2月8日
Last Modified2024年11月21日

Vulnerability Description

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackupTargetSet Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4224.

Affected Platforms (CPE)

📦
Quest

Netvault Backup

= 11.3.0.12

References & Advisories

🔗 https://zerodayinitiative.com/advisories/ZDI-17-978
🔗 https://zerodayinitiative.com/advisories/ZDI-17-978

相關漏洞威脅

CVE-2015-406710.0

Integer overflow in the libnv6 module in Dell NetVault Backup before 10.0.5 allows remote attackers to execute arbitrary code via ...

CVE-2017-174159.8

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.1...

CVE-2017-174169.8

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.1...

CVE-2017-174149.8

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.1...