CVE-2017-17655 : What You Need to Know

Learn about CVE-2017-17655, a vulnerability in Quest NetVault Backup 11.3.0.12 allowing unauthorized code execution. Find mitigation steps and preventive measures here.

A security weakness in Quest NetVault Backup 11.3.0.12 allows unauthorized code execution without authentication. It originates from improper validation of user-provided strings used to construct SQL queries.

Understanding CVE-2017-17655

What is CVE-2017-17655?

This CVE identifies a vulnerability in Quest NetVault Backup 11.3.0.12 that permits unauthorized code execution without requiring authentication.

The Impact of CVE-2017-17655

The vulnerability allows attackers to run unauthorized code on vulnerable systems, exploiting a flaw in the NVBUBackup PluginList method's request processing.

Technical Details of CVE-2017-17655

Vulnerability Description

The vulnerability stems from inadequate validation of user-provided strings before constructing SQL queries, enabling attackers to execute code within the database environment.

Affected Systems and Versions

        Product: Quest NetVault Backup
        Vendor: Quest
        Version: 11.3.0.12

Exploitation Mechanism

Attackers can exploit this weakness by leveraging the lack of proper validation in the NVBUBackup PluginList method, allowing them to execute code in the database context.

Mitigation and Prevention

Immediate Steps to Take

        Apply security patches provided by Quest promptly.
        Implement network segmentation to limit access to vulnerable systems.
        Monitor and restrict external access to affected systems.

Long-Term Security Practices

        Regularly update and patch software to address known vulnerabilities.
        Conduct security assessments and penetration testing to identify and remediate weaknesses.

Patching and Updates

Ensure that all systems running Quest NetVault Backup are updated with the latest patches and security fixes.
