CVE-2017-17423 in NetVault Backup
Summary
by MITRE
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackupSegment Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4234.
Analysis
by VulDB Data Team • 01/03/2020
CVE-2017-17423 represents a critical SQL injection vulnerability in Quest NetVault Backup version 11.3.0.12 that exposes systems to remote code execution without authentication requirements. This vulnerability resides in the NVBUBackupSegment Get method implementation where user-supplied input is inadequately validated before being incorporated into SQL query construction. The flaw constitutes a direct violation of secure coding principles and aligns with CWE-89, which specifically addresses SQL injection vulnerabilities. Attackers can exploit this weakness by crafting malicious requests that manipulate the SQL query execution flow, potentially gaining unauthorized access to the underlying database system. The vulnerability's remote exploitability without authentication makes it particularly dangerous as it eliminates the need for prior system compromise or credential acquisition.

This type of vulnerability falls under the ATT&CK technique T1071.005 for application layer protocol usage and T1190 for exploit for client execution, as it enables remote code execution through manipulated backup segment requests. The impact extends beyond simple data compromise as successful exploitation allows attackers to execute arbitrary database commands, potentially leading to full system takeover or data exfiltration. Organizations running this vulnerable version face significant risk as the vulnerability affects the core backup functionality that typically requires elevated privileges and is often deployed in critical infrastructure environments. The lack of authentication requirements means that any network-accessible system running the vulnerable NetVault Backup software can be targeted by remote attackers.

This vulnerability demonstrates a fundamental flaw in input validation and query construction practices, where string concatenation is used instead of parameterized queries or proper sanitization mechanisms.
The database context execution capability represents a severe escalation risk as attackers can leverage the compromised backup system to access sensitive backup data, modify backup configurations, or potentially pivot to other systems within the network. Security professionals should consider this vulnerability as part of broader database security assessments and implement immediate mitigations including software updates, network segmentation, and monitoring for suspicious backup segment requests. The vulnerability's classification as a remote code execution flaw makes it a prime target for automated exploitation tools and increases the urgency for remediation across affected environments. Organizations should also implement network-level controls to restrict access to backup services and ensure proper patch management processes are in place to prevent similar vulnerabilities in future software releases.
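The two root-cause points above, string concatenation instead of parameterized queries and the recommendation to monitor backup segment requests, can be shown side by side in a small model. The following is an added example written for this page, not NetVault Backup's own code or schema: the `segments` table, the `seg-NNNN` identifier format, the `NVBUBackupSegment.Get` log format and all sample rows and log lines are constructed, and the lookup functions only illustrate the vulnerable and hardened patterns the analysis describes.

```python
import re
import sqlite3

# Constructed stand-in for a backup catalog. The table, columns and rows are
# hypothetical; they exist only to show the query-construction pattern.
SEGMENTS = [
    ("seg-0001", "fileserver01", "/var/backups/full-2017-11.nvb"),
    ("seg-0002", "fileserver01", "/var/backups/incr-2017-11-02.nvb"),
    ("seg-0003", "dbserver02", "/var/backups/db-2017-11-03.nvb"),
]


def build_catalog() -> sqlite3.Connection:
    """Create an in-memory catalog populated with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE segments (id TEXT, host TEXT, path TEXT)")
    conn.executemany("INSERT INTO segments VALUES (?, ?, ?)", SEGMENTS)
    return conn


def get_segment_vulnerable(conn: sqlite3.Connection, segment_id: str) -> list:
    """Anti-pattern (CWE-89): the caller-controlled string becomes query text."""
    query = "SELECT id, host, path FROM segments WHERE id = '" + segment_id + "'"
    return conn.execute(query).fetchall()


def get_segment_safe(conn: sqlite3.Connection, segment_id: str) -> list:
    """Hardened form: a bound parameter keeps the value out of the SQL grammar."""
    query = "SELECT id, host, path FROM segments WHERE id = ?"
    return conn.execute(query, (segment_id,)).fetchall()


# Hypothetical identifier format used for allowlist validation.
SEGMENT_ID_RE = re.compile(r"seg-\d{4}")


def is_valid_segment_id(segment_id: str) -> bool:
    """Allowlist check: only identifiers of the expected shape are accepted."""
    return SEGMENT_ID_RE.fullmatch(segment_id) is not None


def get_segment_hardened(conn: sqlite3.Connection, segment_id: str) -> list:
    """Defense in depth: validate at the boundary, then use a parameterized query."""
    if not is_valid_segment_id(segment_id):
        raise ValueError("rejected segment id")
    return get_segment_safe(conn, segment_id)


def hardened_rejects(conn: sqlite3.Connection, segment_id: str) -> bool:
    """True when the hardened path refuses the input instead of querying."""
    try:
        get_segment_hardened(conn, segment_id)
    except ValueError:
        return True
    return False


# Constructed request log lines; the format is invented for this example.
LOG_LINES = [
    "2020-01-03T10:00:01Z src=10.0.0.5 method=NVBUBackupSegment.Get segment=seg-0001",
    "2020-01-03T10:00:02Z src=10.0.0.9 method=NVBUBackupSegment.Get segment=' OR '1'='1",
    "2020-01-03T10:00:03Z src=10.0.0.5 method=NVBUBackupSegment.Get segment=seg-0003",
]

REQUEST_RE = re.compile(r"method=NVBUBackupSegment\.Get segment=(.*)$")


def suspicious_requests(lines) -> list:
    """Detection rule: flag Get requests whose segment value fails the allowlist."""
    flagged = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if match and not is_valid_segment_id(match.group(1)):
            flagged.append(line)
    return flagged


if __name__ == "__main__":
    catalog = build_catalog()
    tautology = "' OR '1'='1"
    # The concatenated query degenerates to "WHERE id = '' OR '1'='1'" and
    # returns every row; the parameterized query treats the same text as data.
    print("vulnerable:", len(get_segment_vulnerable(catalog, tautology)), "rows")
    print("parameterized:", len(get_segment_safe(catalog, tautology)), "rows")
    print("hardened rejects:", hardened_rejects(catalog, tautology))
    for line in suspicious_requests(LOG_LINES):
        print("FLAGGED:", line)
```

The same allowlist predicate serves both as the input validation in the request handler and as the detection rule over the request log, so a rejected request and a flagged log line always agree on what counts as malformed.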