CVE-2017-17658

9.8 CRITICAL

📋 TL;DR

CVE-2017-17658 is a critical SQL injection vulnerability in Quest NetVault Backup that allows unauthenticated remote attackers to execute arbitrary SQL commands. This can lead to remote code execution on the underlying database server. All installations of Quest NetVault Backup 11.3.0.12 are affected.

💻 Affected Systems

Products:
  • Quest NetVault Backup
Versions: 11.3.0.12
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of the affected version are vulnerable by default. No special configuration required.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the database server leading to data theft, system takeover, and lateral movement within the network.

🟠 Likely Case

Database compromise leading to data exfiltration, privilege escalation, and potential ransomware deployment.

🟢 If Mitigated

Limited impact if proper network segmentation and database hardening are in place, though the SQL injection itself would still succeed.

🌐 Internet-Facing: HIGH - Unauthenticated remote exploitation makes internet-facing instances extremely vulnerable.
🏢 Internal Only: HIGH - Even internal systems are vulnerable to any network-accessible attacker without authentication.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

ZDI published a detailed advisory with exploitation details. The vulnerability is straightforward to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 11.3.0.13 or later

Vendor Advisory: https://support.quest.com/netvault-backup/kb/293768/quest-netvault-backup-security-vulnerabilities-november-2017

Restart Required: Yes

Instructions:

1. Download the latest patch from the Quest support portal.
2. Stop NetVault Backup services.
3. Apply the patch.
4. Restart services.
5. Verify that the version is 11.3.0.13 or higher.

🔧 Temporary Workarounds

Network Access Control

Platform: Linux

Restrict access to NetVault Backup service ports (typically TCP 20031-20034) to trusted IP addresses only.

Use firewall rules to restrict access (replace trusted_ip with the trusted source address or range; the ACCEPT rule must be appended before the DROP rule so that it is evaluated first):

iptables -A INPUT -p tcp --dport 20031:20034 -s trusted_ip -j ACCEPT
iptables -A INPUT -p tcp --dport 20031:20034 -j DROP

Web Application Firewall

Platform: All

Deploy a WAF with SQL injection protection rules in front of NetVault Backup.

🧯 If You Can't Patch

  • Isolate the NetVault Backup server in a separate network segment with strict access controls.
  • Implement database hardening: use least privilege accounts, disable unnecessary database functions, and enable SQL injection protection features.

🔍 How to Verify

Check if Vulnerable:

Check the NetVault Backup version in the web interface, or check the installed version in the program files. Any installation reporting 11.3.0.12 is vulnerable.

Check Version:

On Windows: check Help → About in the NetVault GUI.
On Linux: check /usr/local/quest/netvault/version.txt

Verify Fix Applied:

Verify that the version is 11.3.0.13 or higher, and confirm through testing that SQL injection attempts are blocked.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed authentication attempts followed by SQL errors
  • Requests to the NVBUJobDefinitions endpoint carrying SQL-like payloads

Network Indicators:

  • Unusual traffic patterns to NetVault Backup ports from unexpected sources
  • SQL injection patterns in HTTP requests

SIEM Query:

source="netvault.log" AND ("NVBUJobDefinitions" OR "SQL" OR "injection")
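As an added example (not part of this advisory or of Quest's product), a small Python detector for the third log indicator above: it parses constructed request-log lines in an assumed format (timestamp, client IP, method, request target), URL-decodes the parameters of requests to the NVBUJobDefinitions endpoint, and flags values containing SQL-like fragments.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample lines in an ASSUMED format (timestamp, client IP, method,
# request target). This is not the real NetVault Backup log format.
SAMPLE_LOG = """\
2017-11-20T10:01:02Z 10.0.0.5 GET /NVBUJobDefinitions?jobname=nightly
2017-11-20T10:01:09Z 198.51.100.7 GET /NVBUJobDefinitions?jobname=x%27%20OR%201%3D1--
2017-11-20T10:02:15Z 10.0.0.5 GET /status?view=summary
2017-11-20T10:03:40Z 198.51.100.7 POST /NVBUJobDefinitions?jobname=a%27%3B%20SELECT%201--
2017-11-20T10:04:01Z 10.0.0.9 GET /NVBUJobDefinitions?jobname=weekly%20union%20report
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<ip>\S+) (?P<method>[A-Z]+) (?P<target>\S+)$")

# SQL-like fragments checked against the URL-decoded parameter value, so that
# percent-encoding alone does not hide them. Plain words such as "union" in a
# job name do not match; only syntax-shaped sequences do.
SQLI_RE = re.compile(
    r"'\s*(?:or|and|union)\b"                  # quote closing a string, then boolean/UNION
    r"|'\s*(?:;|--|/\*)"                       # quote then terminator or comment
    r"|\bunion\s+(?:all\s+)?select\b"          # UNION SELECT
    r"|\bor\s+\d+\s*=\s*\d+"                   # tautology such as OR 1=1
    r"|;\s*(?:select|drop|insert|update|delete|exec)\b",  # stacked statement
    re.IGNORECASE,
)

def parse_line(line):
    """Split one log line into fields; query parameters are URL-decoded."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["path"], _, query = rec.pop("target").partition("?")
    rec["params"] = dict(parse_qsl(query, keep_blank_values=True))
    return rec

def find_suspicious(log_text, endpoint="NVBUJobDefinitions"):
    """Return (ip, param, decoded_value) for each request to the endpoint
    whose parameter value contains an SQL-like fragment."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or endpoint not in rec["path"]:
            continue
        for name, value in rec["params"].items():
            if SQLI_RE.search(value):
                hits.append((rec["ip"], name, value))
    return hits
```

Running find_suspicious(SAMPLE_LOG) flags the two encoded requests from 198.51.100.7 and leaves the benign job names, including the one containing the word "union", unflagged.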
