CVE-2017-17412

9.8 CRITICAL

📋 TL;DR

CVE-2017-17412 is a critical SQL injection vulnerability in Quest NetVault Backup that allows unauthenticated remote attackers to execute arbitrary SQL commands. This can lead to remote code execution on the underlying database server. All systems running vulnerable versions of Quest NetVault Backup are affected.

💻 Affected Systems

Products:
  • Quest NetVault Backup
Versions: 11.3.0.12 and likely earlier versions
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the web interface component that handles GET requests. No authentication is required to exploit.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control of the database server and potentially pivoting to other systems in the network.

🟠 Likely Case

Data exfiltration, database corruption, or installation of backdoors/malware on the database server.

🟢 If Mitigated

Attack blocked at network perimeter; no impact if proper input validation and SQL parameterization are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

ZDI published exploit details and proof-of-concept. The vulnerability is trivial to exploit due to lack of input validation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 11.3.0.13 or later

Vendor Advisory: https://support.quest.com/netvault-backup/kb/293038/netvault-backup-security-vulnerability-notification-cve-2017-17412

Restart Required: Yes

Instructions:

1. Download the latest patch from Quest support portal.
2. Stop NetVault Backup services.
3. Apply the patch.
4. Restart services.
5. Verify version is 11.3.0.13 or higher.

🔧 Temporary Workarounds

Network Segmentation

Platform: all

Block external access to NetVault Backup web interface (default port 20031). As written, both rules below block all inbound TCP traffic to port 20031, internal clients included, not only external access.

Linux:
iptables -A INPUT -p tcp --dport 20031 -j DROP

Windows:
netsh advfirewall firewall add rule name="Block NetVault" dir=in action=block protocol=TCP localport=20031

Web Application Firewall

Platform: all

Deploy WAF with SQL injection protection rules

🧯 If You Can't Patch

  • Immediately restrict network access to only trusted IP addresses
  • Implement database-level controls: use least privilege accounts, enable SQL Server audit logging

🔍 How to Verify

Check if Vulnerable:

Check NetVault Backup version in web interface or installation directory. Version 11.3.0.12 is vulnerable.

Check Version:

On Windows: Check HKLM\SOFTWARE\Quest\NetVault\Version
On Linux: cat /opt/quest/netvault/version.txt

Verify Fix Applied:

Verify version is 11.3.0.13 or higher. Test that SQL injection attempts are properly blocked.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts followed by SQL syntax in web logs
  • GET requests with SQL keywords in parameters

Network Indicators:

  • Unusual outbound connections from database server
  • SQL commands in HTTP GET requests to port 20031

SIEM Query:

source="netvault.log" AND ("SELECT" OR "UNION" OR "INSERT" OR "DELETE") AND status=200
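
The log indicator "GET requests with SQL keywords in parameters" is more reliable when each parameter is decoded before matching, because a literal keyword search on the raw log line misses percent-encoded input. The Python below is an added example, not vendor or ZDI code; the access-log layout, the paths and the parameter names are assumptions, and the log lines are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Assumed combined-log-style request field; adapt to the real log layout.
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" \d{3}')
KEYWORD = re.compile(r"\b(select|union|insert|delete|update|drop|exec)\b", re.I)
METACHAR = re.compile(r"['\";()]|--|/\*")

# Constructed sample lines; paths and parameters are placeholders, not NetVault endpoints.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2018:10:00:00 +0000] "GET /example/report?id=42 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2018:10:00:02 +0000] "GET /example/report?id=1%27%20UNION%20SELECT%20null-- HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2018:10:00:05 +0000] "GET /example/report?id=1%2527%2520%2555NION%2520%2553ELECT%25201 HTTP/1.1" 200 87',
    '203.0.113.9 - - [01/Jan/2018:10:01:00 +0000] "GET /example/jobs?action=delete HTTP/1.1" 200 64',
]

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(line):
    """Return [(parameter, decoded_value)] for GET parameters that look like SQL."""
    m = REQUEST.search(line)
    if not m or m.group("method") != "GET":
        return []
    hits = []
    query = urlsplit(m.group("target")).query
    for name, raw in parse_qsl(query, keep_blank_values=True):
        value = decode_fully(raw)
        # Require a keyword and a metacharacter so action=delete alone is not flagged.
        if KEYWORD.search(value) and METACHAR.search(value):
            hits.append((name, value))
    return hits

def scan(lines):
    """Return (line_number, parameter, decoded_value) for every flagged parameter."""
    return [(n, p, v) for n, line in enumerate(lines, 1)
            for p, v in suspicious_params(line)]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The third sample line contains neither "UNION" nor "SELECT" in its raw form, so only the decoded comparison flags it.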
