{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T21:07:27.098","vulnerabilities":[{"cve":{"id":"CVE-2017-17654","sourceIdentifier":"zdi-disclosures@trendmicro.com","published":"2018-02-08T18:29:00.993","lastModified":"2024-11-21T03:18:24.470","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup ClientList method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4287."},{"lang":"es","value":"Esta vulnerabilidad permite que los atacantes remotos ejecuten código arbitrario en instalaciones vulnerables de Quest NetVault Backup 11.3.0.12. No se requiere autenticación para explotar esta vulnerabilidad. Este error en concreto existe en la gestión de peticiones de método ClientList NVBUBackup. El problema deriva de la falta de validación correcta de una cadena proporcionada por el usuario antes de emplearla para construir consultas SQL. Un atacante podría aprovecharse de esta vulnerabilidad para ejecutar código en el contexto de la base de datos subyacente. Anteriormente era ZDI-CAN-4287."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:quest:netvault_backup:11.3.0.12:*:*:*:*:*:*:*","matchCriteriaId":"AF09118D-83F5-41E0-A956-24922A284703"}]}]}],"references":[{"url":"https://zerodayinitiative.com/advisories/ZDI-17-990","source":"zdi-disclosures@trendmicro.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://zerodayinitiative.com/advisories/ZDI-17-990","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}}]}