CVE-2018-1162

Name of the Vulnerable Software and Affected Versions Quest NetVault Backup version 11.2.0.13

Description This issue allows remote attackers to create a denial-of-service condition on vulnerable installations. Although authentication is required to exploit this issue, the existing authentication mechanism can be easily bypassed. The specific flaw exists within the handling of Export requests, resulting from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this issue to arbitrarily overwrite files, resulting in a denial-of-service condition.

Recommendations For Quest NetVault Backup version 11.2.0.13, consider restricting access to the Export method to minimize the risk of exploitation until a patch is available. As a temporary workaround, ensure proper validation of user-supplied paths in file operations to prevent arbitrary file overwrites. At the moment, there is no information about a newer version that contains a fix for this issue.