CVE-2017-17652

9.8 CRITICAL

📋 TL;DR

CVE-2017-17652 is a critical SQL injection vulnerability in Quest NetVault Backup that allows unauthenticated remote attackers to execute arbitrary SQL commands. This can lead to remote code execution on the underlying database server. All installations of Quest NetVault Backup 11.3.0.12 are affected.

💻 Affected Systems

Products:
  • Quest NetVault Backup
Versions: 11.3.0.12
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations are vulnerable. No special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the database server leading to data theft, destruction, or ransomware deployment across connected systems.

🟠 Likely Case

Database compromise allowing data exfiltration, privilege escalation, and lateral movement within the network.

🟢 If Mitigated

Limited impact if database runs with minimal privileges and network segmentation prevents lateral movement.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

ZDI published a detailed advisory with exploitation details. The attack requires no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 11.3.0.13 or later

Vendor Advisory: https://support.quest.com/netvault-backup/kb/293038/netvault-backup-security-vulnerabilities

Restart Required: Yes

Instructions:

1. Download the latest version from the Quest support portal.
2. Back up the configuration.
3. Run the installer.
4. Restart the NetVault Backup services.

🔧 Temporary Workarounds

Network Segmentation

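Block external access to NetVault Backup ports (typically TCP 20031-20034). As written, both rules below match every source address (the firewalld rule every IPv4 source), so they also cut off internal clients; narrow the source or add allow rules for trusted hosts if backups must keep running.

Linux (firewalld):
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="0.0.0.0/0" port protocol="tcp" port="20031-20034" reject'
firewall-cmd --reload

Windows:
netsh advfirewall firewall add rule name="Block NetVault" dir=in action=block protocol=TCP localport=20031-20034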

🧯 If You Can't Patch

  • Implement strict network ACLs to allow only trusted IPs to access NetVault Backup services
  • Deploy web application firewall with SQL injection protection rules

🔍 How to Verify

Check if Vulnerable:

Check NetVault Backup version in web interface or installation directory. Version 11.3.0.12 is vulnerable.

Check Version:

On Windows: reg query "HKLM\SOFTWARE\Quest\NetVault Backup" /v Version
On Linux: cat /opt/quest/netvault/version.txt

Verify Fix Applied:

Verify that the version is 11.3.0.13 or higher. Confirm that SQL injection payloads no longer execute.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed authentication attempts followed by SQL errors
  • Requests to /NVBUBackup.asmx with SQL-like parameters

Network Indicators:

  • Unusual traffic to TCP ports 20031-20034 from external IPs
  • SQL error messages in HTTP responses

SIEM Query:

source="netvault.log" AND ("SQL" OR "syntax" OR "NVBUBackup") AND status=500
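
The log indicators and SIEM query above, applied to log lines in Python. This is an added example, not code from the original page or from Quest. The log line layout, the trusted address ranges and the sample lines are all assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote_plus

# Assumed log layout, constructed for this example (not NetVault's real format):
#   <client_ip> "<METHOD> <path?query>" <status> "<response snippet>"
LINE_RE = re.compile(r'^(\S+) "(\S+) (\S+)" (\d{3}) "(.*)"$')
# SQL metacharacters and keywords that should not appear in a request parameter.
SQL_TOKENS = re.compile(r"'|--|;|/\*|\b(?:union|select|insert|delete|drop|exec)\b", re.I)
SQL_ERROR = re.compile(r"sql|syntax", re.I)  # same terms as the SIEM query
TRUSTED = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]  # assumed

def is_trusted(ip):
    try:
        return any(ipaddress.ip_address(ip) in net for net in TRUSTED)
    except ValueError:  # address field is not an IP literal
        return False

def score_line(line):
    """Return (client_ip, reasons); the query is URL-decoded before matching."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None, []
    ip, _method, target, status, body = m.groups()
    path, _, query = target.partition("?")
    reasons = []
    if "NVBUBackup" in path and SQL_TOKENS.search(unquote_plus(query)):
        reasons.append("sql-like-parameter")
    if status == "500" and SQL_ERROR.search(body):
        reasons.append("sql-error-500")
    if reasons and not is_trusted(ip):
        reasons.append("untrusted-source")
    return ip, reasons

def scan(lines):
    hits = {}  # client IP -> set of indicators it triggered
    for line in lines:
        ip, reasons = score_line(line)
        if reasons:
            hits.setdefault(ip, set()).update(reasons)
    return {ip: sorted(found) for ip, found in hits.items()}

# Constructed sample lines (documentation/private address ranges, made-up parameters).
SAMPLE = [
    '10.1.2.3 "GET /NVBUBackup.asmx?job=nightly" 200 "ok"',
    '203.0.113.7 "GET /NVBUBackup.asmx?job=x%27+OR+%271%27%3D%271" 500 "SQL syntax error"',
    '10.1.2.9 "POST /status" 500 "disk full"',
    '198.51.100.4 "GET /NVBUBackup.asmx?job=a%20UNION%20SELECT%201" 200 "ok"',
]
```

Calling scan(SAMPLE) flags only the two requests from outside the trusted ranges; the routine request and the unrelated 500 error are left alone.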
