PT-2017-3511 · Quest · Quest Netvault Backup

Rgod · Published 2017-12-06 · Updated 2019-10-09 · CVE-2018-1163

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Quest NetVault Backup version 11.2.0.13

Description: This issue allows remote attackers to bypass authentication on vulnerable installations. The flaw exists within JSON RPC Request handling: setting the checksession parameter to a certain value bypasses authentication for critical functions. An attacker can leverage this, potentially in conjunction with other issues, to execute arbitrary code in the context of SYSTEM. The vulnerability is related to incorrect access control.

Recommendations: For Quest NetVault Backup version 11.2.0.13, as a temporary workaround, consider restricting access to the JSON RPC Request handling functionality, or specifically to the checksession parameter, until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Access Control
Improper Authentication

Related Identifiers

BDU:2018-00362
CVE-2018-1163
ZDI-18-006

Affected Products

Quest Netvault Backup