CVE-2017-17414 – CVE-2017-17414 is a critical SQL injection vuln... (How to Fix)

Q: What is the severity of CVE-2017-17414?

CVE-2017-17414 has a CVSS score of 9.8 (CRITICAL). CVE-2017-17414 is a critical SQL injection vulnerability in Quest NetVault Backup that allows unauthenticated remote attackers to execute arbitrary SQL commands. This can lead to remote code execution on the underlying database server. All users running vulnerable versions of Quest NetVault Backup are affected.

📋 TL;DR

CVE-2017-17414 is a critical SQL injection vulnerability in Quest NetVault Backup that allows unauthenticated remote attackers to execute arbitrary SQL commands. This can lead to remote code execution on the underlying database server. All users running vulnerable versions of Quest NetVault Backup are affected.

💻 Affected Systems

Products:

Quest NetVault Backup

Versions: 11.3.0.12 and likely earlier versions

Operating Systems: Windows, Linux

Default Config Vulnerable: ⚠️ Yes

Notes: The vulnerability exists in the NVBUPhaseStatus Get method handler and requires no authentication to exploit.

📦 What is this software?

Netvault Backup by Quest

View all CVEs affecting Netvault Backup →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the database server leading to data theft, system takeover, and lateral movement within the network.

🟠

Likely Case

Database compromise allowing data exfiltration, privilege escalation, and potential remote code execution on the database host.

🟢

If Mitigated

Limited impact if proper network segmentation, database hardening, and input validation are in place.

🌐 Internet-Facing: HIGH

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: CONFIRMED

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

ZDI published detailed advisory with exploitation details. The vulnerability is easily exploitable via crafted HTTP requests.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 11.3.0.13 or later

Vendor Advisory: https://support.quest.com/netvault-backup/kb/293038/netvault-backup-security-vulnerability-notification-cve-2017-17414

Restart Required: Yes

Instructions:

1. Download the latest patch from Quest support portal. 2. Stop NetVault Backup services. 3. Apply the patch. 4. Restart services. 5. Verify the patch is applied correctly.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict access to NetVault Backup web interface to trusted networks only

Configure firewall rules to block external access to NetVault Backup ports (typically 80/443)

Web Application Firewall

all

Deploy WAF with SQL injection protection rules

Configure WAF to block SQL injection patterns in HTTP requests to /nvbu/NVBUPhaseStatus

🧯 If You Can't Patch

Implement strict network access controls to limit exposure
Deploy database monitoring and intrusion detection systems

🔍 How to Verify

Check if Vulnerable:

Check NetVault Backup version via web interface or installation directory. Versions 11.3.0.12 and earlier are vulnerable.

Check Version:

Check NetVault Backup web interface or installation properties file for version information

Verify Fix Applied:

Verify version is 11.3.0.13 or later. Test SQL injection attempts should be blocked.

📡 Detection & Monitoring

Log Indicators:

Unusual SQL queries in database logs
HTTP requests to /nvbu/NVBUPhaseStatus with SQL syntax
Failed authentication attempts followed by SQL injection patterns

Network Indicators:

HTTP POST requests containing SQL keywords (SELECT, UNION, etc.) to NetVault Backup endpoints
Unusual outbound database connections from NetVault Backup server

SIEM Query:

source="netvault.log" AND ("NVBUPhaseStatus" AND ("SELECT" OR "UNION" OR "EXEC"))

📊 Metadata

CVE ID: CVE-2017-17414

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-89

Published: February 8, 2018

Last Updated: November 21, 2024

🔗 References

https://zerodayinitiative.com/advisories/ZDI-17-979 Third Party Advisory,VDB Entry
https://zerodayinitiative.com/advisories/ZDI-17-979 Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2017-17414, you might also want to check these: