CVE-2018-11143

9.8 CRITICAL

📋 TL;DR

CVE-2018-11143 is a command injection vulnerability in Quest DR Series Disk Backup software that allows attackers to execute arbitrary commands on affected systems. This affects organizations using Quest DR Series Disk Backup software versions before 4.0.3.1, potentially leading to complete system compromise.

💻 Affected Systems

Products:
  • Quest DR Series Disk Backup software
Versions: All versions before 4.0.3.1
Operating Systems: Windows, Linux (depending on deployment)
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability is part of a larger set of 46 vulnerabilities disclosed in this software. Default installations are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise with administrative privileges, data exfiltration, ransomware deployment, and lateral movement across the network.

🟠 Likely Case: Unauthenticated remote code execution leading to backup data theft, system disruption, and potential credential harvesting.

🟢 If Mitigated: Limited impact if network segmentation and proper access controls prevent exploitation attempts.

🌐 Internet-Facing: HIGH - The vulnerability can be exploited remotely without authentication, making internet-facing systems extremely vulnerable.
🏢 Internal Only: HIGH - Even internally, the vulnerability allows unauthenticated exploitation, posing significant risk to internal networks.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Multiple public exploit details and proof-of-concept code are available. The vulnerability is easily exploitable with publicly available tools.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.0.3.1 and later

Vendor Advisory: https://support.quest.com/dr-series/kb/311640/quest-dr-series-disk-backup-software-security-vulnerabilities-notification

Restart Required: Yes

Instructions:

1. Download Quest DR Series Disk Backup software version 4.0.3.1 or later from official Quest channels.
2. Back up the current configuration.
3. Install the update following vendor instructions.
4. Restart the system and verify functionality.

🔧 Temporary Workarounds

Network Segmentation (all platforms)

Isolate Quest DR Series systems from untrusted networks and limit access to authorized management IPs only. Use firewall rules to restrict access to Quest DR Series management interfaces.

Access Control (all platforms)

Implement strict network access controls and authentication requirements for management interfaces. Configure network ACLs to allow only trusted IP addresses to access the backup system.

🧯 If You Can't Patch

  • Immediately isolate affected systems from all networks, especially internet-facing connections
  • Implement strict network segmentation and monitor for any exploitation attempts or anomalous activity

🔍 How to Verify

Check if Vulnerable:

Check the software version in the Quest DR Series management interface or via command line: 'drcli version' or similar vendor-specific commands.

Check Version:

drcli version (or check via Quest DR Series web interface)

Verify Fix Applied:

Verify the installed version is 4.0.3.1 or later and test that command injection attempts are blocked.
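
For a fleet, the version check above can be scripted. The following is an added example, not vendor code: it sorts collected version strings against the fixed release 4.0.3.1 using numeric, component-wise comparison. The hostnames and version strings are constructed sample data, and no particular output format for the vendor's version command is assumed.

```python
import re

FIXED = (4, 0, 3, 1)  # first fixed release named on this page

def parse_version(text):
    """Pull the first dotted numeric version out of free-form text."""
    m = re.search(r"\d+(?:\.\d+)+", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    parts = tuple(int(p) for p in m.group(0).split("."))
    # Pad short versions so that 4.0.3 is compared as 4.0.3.0
    return parts + (0,) * (len(FIXED) - len(parts))

def is_vulnerable(text):
    """True when the version is older than the fixed release."""
    return parse_version(text) < FIXED

def triage(inventory):
    """Sort hosts into patch / ok / unknown buckets."""
    result = {"patch": [], "ok": [], "unknown": []}
    for host, raw in sorted(inventory.items()):
        try:
            bucket = "patch" if is_vulnerable(raw) else "ok"
        except ValueError:
            bucket = "unknown"  # needs a manual check, never assume patched
        result[bucket].append(host)
    return result

# Constructed inventory: hostnames and version strings are illustrative only.
SAMPLE = {
    "dr-backup-01": "4.0.3.1",
    "dr-backup-02": "4.0.3",
    "dr-backup-03": "Version: 4.0.0.2 (build 12)",
    "dr-backup-04": "4.0.10.0",   # a plain string comparison would misjudge this
    "dr-backup-05": "unknown",
    "dr-backup-06": "3.2.6.1",
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Hosts in the "unknown" bucket should be checked by hand in the management interface rather than treated as patched.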

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution in system logs
  • Unexpected process creation from Quest DR Series services
  • Failed authentication attempts followed by command execution

Network Indicators:

  • Unexpected outbound connections from backup systems
  • Traffic to/from Quest DR Series management ports from unauthorized sources

SIEM Query:

source="quest_dr_series" AND (event_type="command_execution" OR process_name="cmd.exe" OR process_name="/bin/sh")
