CVE-2017-17422 - OpenCVE

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4233.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Quest	Netvault Backup

Configuration 1 [-]

cpe:2.3:a:quest:netvault_backup:11.3.0.12:*:*:*:*:*:*:*

References

Link	Resource
https://zerodayinitiative.com/advisories/ZDI-17-975	Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: zdi

Published: 2018-02-08T18:00:00

Updated: 2018-02-08T17:57:01

Reserved: 2017-12-05T00:00:00

Link: CVE-2017-17422

JSON object: View

NVD Information

Status : Modified

Published: 2018-02-08T18:29:00.697

Modified: 2019-10-09T23:25:33.833

Link: CVE-2017-17422

JSON object: View

Redhat Information

No data.

CWE

CWE-89

{"containers": {"cna": {"affected": [{"product": "Quest NetVault Backup", "vendor": "Quest", "versions": [{"status": "affected", "version": "11.3.0.12"}]}], "datePublic": "2017-12-15T00:00:00", "descriptions": [{"lang": "en", "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4233."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89-Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-02-08T17:57:01", "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://zerodayinitiative.com/advisories/ZDI-17-975"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "zdi-disclosures@trendmicro.com", "ID": "CVE-2017-17422", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Quest NetVault Backup", "version": {"version_data": [{"version_value": "11.3.0.12"}]}}]}, "vendor_name": "Quest"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4233."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-89-Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}]}, "references": {"reference_data": [{"name": "https://zerodayinitiative.com/advisories/ZDI-17-975", "refsource": "MISC", "url": "https://zerodayinitiative.com/advisories/ZDI-17-975"}]}}}}, "cveMetadata": {"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "assignerShortName": "zdi", "cveId": "CVE-2017-17422", "datePublished": "2018-02-08T18:00:00", "dateReserved": "2017-12-05T00:00:00", "dateUpdated": "2018-02-08T17:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:quest:netvault_backup:11.3.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "AF09118D-83F5-41E0-A956-24922A284703", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4233."}, {"lang": "es", "value": "Esta vulnerabilidad permite que los atacantes remotos ejecuten c\u00f3digo arbitrario en instalaciones vulnerables de Quest NetVault Backup 11.3.0.12. No se requiere autenticaci\u00f3n para explotar esta vulnerabilidad. Este error en concreto existe en la gesti\u00f3n de peticiones de m\u00e9todo GET NVBUBackup. El problema deriva de la falta de validaci\u00f3n correcta de una cadena proporcionada por el usuario antes de emplearla para construir consultas SQL. Un atacante podr\u00eda aprovecharse de esta vulnerabilidad para ejecutar c\u00f3digo en el contexto de la base de datos subyacente. Anteriormente era ZDI-CAN-4233."}], "id": "CVE-2017-17422", "lastModified": "2019-10-09T23:25:33.833", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-02-08T18:29:00.697", "references": [{"source": "zdi-disclosures@trendmicro.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://zerodayinitiative.com/advisories/ZDI-17-975"}], "sourceIdentifier": "zdi-disclosures@trendmicro.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "zdi-disclosures@trendmicro.com", "type": "Secondary"}]}