What is CVE-2017-17417?

CVE-2017-17417 is a vulnerability in Quest Netvault Backup, classified under SQL Injection. Published 2018-02-08.

Is CVE-2017-17417 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Quest Netvault Backup

CVE-2017-17417

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling…

Vulnerability class: SQL Injection

EPSS: 0.102 (95.1th percentile) — read the EPSS interpretation.

Affected products

Quest Netvault Backup — versions 11.3.0.12

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

ARPSyndicate/cve-scores
ARPSyndicate/cvemon
securitycipher/daily-bugbounty-writeups

References

46446 (exploit, x_refsource_EXPLOIT-DB)
zerodayinitiative.com/advisories/ZDI-17-982 (x_refsource_MISC)

Frequently asked questions

What is CVE-2017-17417?: CVE-2017-17417 is a vulnerability in Quest Netvault Backup, classified under SQL Injection. Published 2018-02-08.
Is CVE-2017-17417 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.