CVE-2017-17422

9.8 CRITICAL

📋 TL;DR

CVE-2017-17422 is a critical SQL injection vulnerability in Quest NetVault Backup that allows unauthenticated remote attackers to execute arbitrary SQL commands. This can lead to remote code execution in the context of the database service. All systems running vulnerable versions of NetVault Backup are affected.

💻 Affected Systems

Products:
  • Quest NetVault Backup
Versions: 11.3.0.12 and likely earlier versions
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations are vulnerable as authentication is not required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise via remote code execution, data theft, and potential lateral movement within the network.

🟠 Likely Case: Database compromise leading to data exfiltration, backup corruption, and potential privilege escalation.

🟢 If Mitigated: Limited impact if proper network segmentation and database hardening are implemented.

🌐 Internet-Facing: HIGH - Unauthenticated remote exploitation makes internet-exposed systems extremely vulnerable.
🏢 Internal Only: HIGH - Even internally, unauthenticated access allows attackers to exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

ZDI published detailed advisory with exploitation details. The vulnerability is straightforward to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 11.3.0.13 or later

Vendor Advisory: https://support.quest.com/netvault-backup/kb/293038/quest-netvault-backup-security-vulnerabilities-november-2017

Restart Required: Yes

Instructions:

1. Download the latest patch from the Quest support portal.
2. Stop NetVault Backup services.
3. Apply the patch.
4. Restart services.
5. Verify the version is 11.3.0.13 or higher.

🔧 Temporary Workarounds

Network Access Control (Platforms: all)

Restrict access to NetVault Backup service ports (typically TCP 20031-20034) to trusted IPs only.

Use firewall rules to limit access, adding the ACCEPT rule before the DROP rule so that trusted hosts are matched first (replace trusted_ip with the address or range of the hosts that need access):

  iptables -A INPUT -p tcp --dport 20031:20034 -s trusted_ip -j ACCEPT
  iptables -A INPUT -p tcp --dport 20031:20034 -j DROP

Web Application Firewall (Platforms: all)

Deploy WAF with SQL injection protection rules to block malicious NVBUBackup requests.

🧯 If You Can't Patch

  • Isolate NetVault Backup servers in separate network segment with strict access controls
  • Implement database hardening: use least privilege accounts, disable unnecessary stored procedures

🔍 How to Verify

Check if Vulnerable:

Check NetVault Backup version via web interface or service logs. Version 11.3.0.12 is vulnerable.

Check Version:

On Windows: Check program version in Control Panel. On Linux: Check installation directory version files.

Verify Fix Applied:

Verify the version is 11.3.0.13 or higher, and confirm that SQL injection test requests are rejected.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed authentication attempts to NetVault Backup
  • Unexpected process execution from database service account

Network Indicators:

  • SQL injection patterns in HTTP requests to NetVault Backup ports
  • Unusual outbound connections from database server

SIEM Query:

source="netvault.log" AND ("NVBUBackup" OR "Get method") AND (sql OR union OR select)
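The SIEM query above, implemented as a standalone log scanner (an added example, not part of this advisory or of Quest's tooling): it applies the same two keyword groups to each log line, percent-decoding request text first so that encoded payloads are not missed. The log line format and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Mirrors the advisory's SIEM query:
#   ("NVBUBackup" OR "Get method") AND (sql OR union OR select)
ENDPOINT_RE = re.compile(r"nvbubackup|get method", re.IGNORECASE)
SQLI_RE = re.compile(r"\b(?:sql|union|select)\b", re.IGNORECASE)


def matches_sqli_pattern(line: str) -> bool:
    """True if a log line satisfies both keyword groups of the SIEM query.

    The line is percent-decoded first so an encoded request such as
    %20union%20select is matched like its plain-text form. Word boundaries
    keep 'sql' from matching inside unrelated tokens such as 'mysql'.
    """
    text = unquote(line)
    return bool(ENDPOINT_RE.search(text)) and bool(SQLI_RE.search(text))


def scan_log(lines):
    """Return the matching lines, preserving their order."""
    return [line for line in lines if matches_sqli_pattern(line)]


# Constructed sample log lines (format assumed; not real NetVault output).
SAMPLE_LOG = [
    "2017-11-20 10:01:02 NVBUBackup Get method request id=42 status=ok",
    "2017-11-20 10:01:05 NVBUBackup Get method request id=42' UNION SELECT 1,2-- status=error",
    "2017-11-20 10:02:00 NVBUBackup Get method request id=42%27%20union%20select%201 status=error",
    "2017-11-20 10:03:00 scheduler: select next job from queue",
]

if __name__ == "__main__":
    # Expected: the two injection-style requests are flagged; the
    # benign request and the unrelated scheduler line are not.
    for hit in scan_log(SAMPLE_LOG):
        print("ALERT:", hit)
```

Bare keyword matching is noisy on a busy server; treat hits as triage candidates and correlate with the process and network indicators listed above.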
