Quest NetVault Backup Multipart Request Part Header Stack Buffer Overflow
TSL ID TSL20180103-09
CVE ID(s) CVE-2018-1161
Severity Critical
Description

A stack-based buffer overflow has been reported in Quest NetVault Backup Server. The vulnerability is due to improper handling of part headers in multipart HTTP requests.

A remote, unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted request to the target server. Successful exploitation of the vulnerability could allow arbitrary code execution under the security context of SYSTEM.

At the time of writing, the vendor has not released any advisory regarding this vulnerability.
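
As an added example (not from this advisory or the vendor), the Python below shows a generic input check for the class of flaw described: it walks a multipart body and reports part header lines longer than a limit. The 1024-byte limit, the function name and the sample body are assumptions; the advisory does not state which header or length is involved.

```python
# Added example: flag multipart part headers longer than a chosen limit.
# MAX_HEADER_LINE is an assumed policy value, not taken from the advisory.
MAX_HEADER_LINE = 1024


def long_part_headers(body: bytes, boundary: bytes, limit: int = MAX_HEADER_LINE):
    """Return (part_index, header_name, length) for every part header line
    longer than `limit` bytes. A part whose header block is never closed by
    a blank line is reported under the name '<unterminated>'."""
    findings = []
    delimiter = b"--" + boundary
    # Element 0 is the preamble before the first delimiter; ignore it.
    segments = body.split(delimiter)[1:]
    for index, segment in enumerate(segments):
        if segment.startswith(b"--"):  # closing delimiter "--boundary--"
            break
        # Part headers run up to the first empty line (CRLF CRLF).
        head, sep, _content = segment.partition(b"\r\n\r\n")
        if not sep:
            findings.append((index, "<unterminated>", len(head)))
            continue
        for line in head.split(b"\r\n"):
            if len(line) > limit:
                # Keep only a short, printable header name for the report.
                name = line.split(b":", 1)[0][:32].decode("latin-1")
                findings.append((index, name, len(line)))
    return findings


# Constructed sample body: two parts, the second with one oversized header.
BOUNDARY = b"example-boundary"
SAMPLE = b"\r\n".join([
    b"--" + BOUNDARY,
    b'Content-Disposition: form-data; name="note"',
    b"",
    b"hello",
    b"--" + BOUNDARY,
    b'Content-Disposition: form-data; name="file"',
    b"X-Constructed: " + b"x" * 2000,
    b"",
    b"data",
    b"--" + BOUNDARY + b"--",
    b"",
])

if __name__ == "__main__":
    for part, name, length in long_part_headers(SAMPLE, BOUNDARY):
        print(f"part {part}: header {name!r} is {length} bytes")
```
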

Affected Products
  • Quest Software NetVault Backup 11.4.5.11 and prior
CVSS Score Base 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C):
  • Access vector is NETWORK
  • Access complexity is LOW
  • Level of authentication required is NONE
  • Impact of this vulnerability on data confidentiality is COMPLETE
  • Impact of this vulnerability on data integrity is COMPLETE
  • Impact of this vulnerability on data availability is COMPLETE
Temporal 8.5 (E:U/RL:U/RC:C):
  • The exploitability level of this vulnerability is UNPROVEN
  • The remediation level of this vulnerability is UNAVAILABLE
  • The report confidence level of this vulnerability is CONFIRMED
Identifiers
ZDI