Netvault Backup
Monthly
Remote code execution in Quest NetVault Backup allows authenticated remote attackers - who can bypass the product's existing authentication mechanism - to run arbitrary OS commands as SYSTEM via the NVBULogDaemon JSON-RPC interface. The flaw stems from unsanitized user-supplied input being passed into a system call (CWE-78), and the credentialed authentication barrier is undermined by an acknowledged bypass, effectively widening exposure. No public exploit has been identified at time of analysis, but the issue was disclosed by Trend Micro ZDI (ZDI-26-376) and carries a CVSS of 8.8.
Remote code execution in Quest NetVault Backup arises through SQL injection in the NVBUDashboard component's JSON-RPC message handler, letting attackers run arbitrary code in the NETWORK SERVICE context. While the flaw nominally requires authentication, ZDI reports the product's authentication mechanism can be bypassed, materially lowering the access bar. No public exploit is identified at time of analysis and the issue is not listed in CISA KEV, but its CVSS 3.0 base score of 8.8 and full-impact (C:H/I:H/A:H) profile mark it as high priority for any exposed deployment.
Remote code execution in Quest NetVault Backup arises from a SQL injection flaw in the handling of NVBULibrarySlot JSON-RPC messages, where a user-supplied string is concatenated into a SQL query without validation. Although the JSON-RPC interface nominally requires authentication, ZDI notes the existing authentication mechanism can be bypassed, so a remote attacker can reach the vulnerable code path and execute arbitrary code in the context of the NETWORK SERVICE account. No public exploit has been identified at time of analysis and the issue is not listed in CISA KEV; EPSS data was not provided.
SQL injection in Quest NetVault Backup's NVBULibraryPort JSON-RPC handler allows remote attackers to execute arbitrary code as NETWORK SERVICE on affected installations. While exploitation nominally requires authentication (CVSS PR:L), the ZDI advisory states the existing authentication mechanism can be bypassed, effectively lowering the barrier to remote attackers. There is no public exploit identified at time of analysis and no CISA KEV listing, but the issue was coordinated through Trend Micro's Zero Day Initiative (ZDI-CAN-27631 / ZDI-26-373) and carries a CVSS 3.0 base score of 8.8.
SQL injection leading to remote code execution affects Quest NetVault Backup, where the NVBURemovableMedia component fails to validate a user-supplied string before constructing SQL queries. Although authentication is nominally required, ZDI notes the existing authentication mechanism can be bypassed, effectively lowering the barrier to network-based attackers who can then execute code in the context of the NETWORK SERVICE account. No public exploit identified at time of analysis; the issue was reported privately by Trend Micro's Zero Day Initiative (ZDI-CAN-27632 / ZDI-26-372).
Remote code execution in Quest NetVault Backup arises from SQL injection in the NVBUDeviceDrive JSON-RPC message handler, where a user-supplied string is concatenated into a SQL query without validation (CWE-89). Although the product requires authentication, the existing authentication mechanism can be bypassed, so remote attackers can reach the flaw and execute arbitrary code in the context of the NETWORK SERVICE account. Discovered and reported through Trend Micro's Zero Day Initiative (ZDI-26-371, formerly ZDI-CAN-27633); no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.
Remote code execution in Quest NetVault Backup arises from SQL injection in the NVBURASDevice JSON-RPC message handler, where attacker-controlled input is concatenated into SQL queries. Although authentication is nominally required, ZDI notes the existing authentication mechanism can be bypassed, so attackers can reach the vulnerable endpoint and execute code in the NETWORK SERVICE context. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; it was reported privately via Trend Micro's Zero Day Initiative (ZDI-26-370 / ZDI-CAN-27648).
Authentication bypass via cross-site scripting in Quest NetVault Backup's addclient3 webpage allows remote attackers to inject arbitrary script that executes in a victim's authenticated session, bypassing access controls. Disclosed through Trend Micro's Zero Day Initiative (ZDI-26-369, formerly ZDI-CAN-27666), the flaw requires user interaction - the target must visit a malicious page or open a malicious file - and can be chained with other weaknesses to achieve code execution in the SYSTEM context. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, though the high CVSS of 8.8 reflects the serious downstream RCE potential.
SQL injection leading to remote code execution in Quest NetVault Backup allows attackers to run arbitrary code as the NETWORK SERVICE account by sending crafted JSON-RPC messages to the NVBUDashboard component. While the JSON-RPC interface nominally requires authentication, ZDI reports the existing authentication mechanism can be bypassed, effectively lowering the access barrier. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, but it was responsibly disclosed through Trend Micro's Zero Day Initiative (ZDI-26-368, formerly ZDI-CAN-27809).
Authentication bypass via cross-site scripting in the Quest NetVault Backup viewclient web interface lets remote attackers inject arbitrary script that, when a victim visits a malicious page or opens a malicious file, runs in the application context and circumvents authentication. Disclosed through Trend Micro's Zero Day Initiative (ZDI-26-377, ZDI-CAN-28202), the flaw can be chained with additional vulnerabilities to achieve code execution as SYSTEM. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the CVSS 8.8 rating reflects the high impact of the auth-bypass-plus-RCE chain.
This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Quest NetVault Backup 11.2.0.13. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
This vulnerability allows remote attackers to create a denial-of-service condition on vulnerable installations of Quest NetVault Backup 11.2.0.13. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.2.0.13. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Dell Netvault Backup before 10.0.5 allows remote attackers to cause a denial of service (crash) via a crafted request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 16.2%.
Integer overflow in the libnv6 module in Dell NetVault Backup before 10.0.5 allows remote attackers to execute arbitrary code via crafted template string specifiers in a serialized object, which. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.8% and no vendor patch available.
Remote code execution in Quest NetVault Backup allows authenticated remote attackers - who can bypass the product's existing authentication mechanism - to run arbitrary OS commands as SYSTEM via the NVBULogDaemon JSON-RPC interface. The flaw stems from unsanitized user-supplied input being passed into a system call (CWE-78), and the credentialed authentication barrier is undermined by an acknowledged bypass, effectively widening exposure. No public exploit has been identified at time of analysis, but the issue was disclosed by Trend Micro ZDI (ZDI-26-376) and carries a CVSS of 8.8.
Remote code execution in Quest NetVault Backup arises through SQL injection in the NVBUDashboard component's JSON-RPC message handler, letting attackers run arbitrary code in the NETWORK SERVICE context. While the flaw nominally requires authentication, ZDI reports the product's authentication mechanism can be bypassed, materially lowering the access bar. No public exploit is identified at time of analysis and the issue is not listed in CISA KEV, but its CVSS 3.0 base score of 8.8 and full-impact (C:H/I:H/A:H) profile mark it as high priority for any exposed deployment.
Remote code execution in Quest NetVault Backup arises from a SQL injection flaw in the handling of NVBULibrarySlot JSON-RPC messages, where a user-supplied string is concatenated into a SQL query without validation. Although the JSON-RPC interface nominally requires authentication, ZDI notes the existing authentication mechanism can be bypassed, so a remote attacker can reach the vulnerable code path and execute arbitrary code in the context of the NETWORK SERVICE account. No public exploit has been identified at time of analysis and the issue is not listed in CISA KEV; EPSS data was not provided.
SQL injection in Quest NetVault Backup's NVBULibraryPort JSON-RPC handler allows remote attackers to execute arbitrary code as NETWORK SERVICE on affected installations. While exploitation nominally requires authentication (CVSS PR:L), the ZDI advisory states the existing authentication mechanism can be bypassed, effectively lowering the barrier to remote attackers. There is no public exploit identified at time of analysis and no CISA KEV listing, but the issue was coordinated through Trend Micro's Zero Day Initiative (ZDI-CAN-27631 / ZDI-26-373) and carries a CVSS 3.0 base score of 8.8.
SQL injection leading to remote code execution affects Quest NetVault Backup, where the NVBURemovableMedia component fails to validate a user-supplied string before constructing SQL queries. Although authentication is nominally required, ZDI notes the existing authentication mechanism can be bypassed, effectively lowering the barrier to network-based attackers who can then execute code in the context of the NETWORK SERVICE account. No public exploit identified at time of analysis; the issue was reported privately by Trend Micro's Zero Day Initiative (ZDI-CAN-27632 / ZDI-26-372).
Remote code execution in Quest NetVault Backup arises from SQL injection in the NVBUDeviceDrive JSON-RPC message handler, where a user-supplied string is concatenated into a SQL query without validation (CWE-89). Although the product requires authentication, the existing authentication mechanism can be bypassed, so remote attackers can reach the flaw and execute arbitrary code in the context of the NETWORK SERVICE account. Discovered and reported through Trend Micro's Zero Day Initiative (ZDI-26-371, formerly ZDI-CAN-27633); no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.
Remote code execution in Quest NetVault Backup arises from SQL injection in the NVBURASDevice JSON-RPC message handler, where attacker-controlled input is concatenated into SQL queries. Although authentication is nominally required, ZDI notes the existing authentication mechanism can be bypassed, so attackers can reach the vulnerable endpoint and execute code in the NETWORK SERVICE context. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; it was reported privately via Trend Micro's Zero Day Initiative (ZDI-26-370 / ZDI-CAN-27648).
Authentication bypass via cross-site scripting in Quest NetVault Backup's addclient3 webpage allows remote attackers to inject arbitrary script that executes in a victim's authenticated session, bypassing access controls. Disclosed through Trend Micro's Zero Day Initiative (ZDI-26-369, formerly ZDI-CAN-27666), the flaw requires user interaction - the target must visit a malicious page or open a malicious file - and can be chained with other weaknesses to achieve code execution in the SYSTEM context. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, though the high CVSS of 8.8 reflects the serious downstream RCE potential.
SQL injection leading to remote code execution in Quest NetVault Backup allows attackers to run arbitrary code as the NETWORK SERVICE account by sending crafted JSON-RPC messages to the NVBUDashboard component. While the JSON-RPC interface nominally requires authentication, ZDI reports the existing authentication mechanism can be bypassed, effectively lowering the access barrier. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, but it was responsibly disclosed through Trend Micro's Zero Day Initiative (ZDI-26-368, formerly ZDI-CAN-27809).
Authentication bypass via cross-site scripting in the Quest NetVault Backup viewclient web interface lets remote attackers inject arbitrary script that, when a victim visits a malicious page or opens a malicious file, runs in the application context and circumvents authentication. Disclosed through Trend Micro's Zero Day Initiative (ZDI-26-377, ZDI-CAN-28202), the flaw can be chained with additional vulnerabilities to achieve code execution as SYSTEM. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the CVSS 8.8 rating reflects the high impact of the auth-bypass-plus-RCE chain.
This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Quest NetVault Backup 11.2.0.13. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
This vulnerability allows remote attackers to create a denial-of-service condition on vulnerable installations of Quest NetVault Backup 11.2.0.13. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.2.0.13. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Dell Netvault Backup before 10.0.5 allows remote attackers to cause a denial of service (crash) via a crafted request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 16.2%.
Integer overflow in the libnv6 module in Dell NetVault Backup before 10.0.5 allows remote attackers to execute arbitrary code via crafted template string specifiers in a serialized object, which. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.8% and no vendor patch available.