Backdoor Vulnerability in NetSarang Xmanager and Related Products
CVE-2017-20203

9.3CRITICAL

Key Information:

Vendor

Netsarang Computer, Inc.

Status
Xmanager Enterprise
Xmanager
Xshell
Xftp
Vendor
CVE Published:
9 October 2025

Badges

👾 Exploit Exists

What is CVE-2017-20203?

NetSarang products, including Xmanager Enterprise and Xshell, contained a backdoor due to a malicious 'nssock2.dll' file that enabled attackers to gain unauthorized access. This file facilitated a multi-stage attack, leveraging DNS records to communicate with a command and control (C2) server. The compromised library allowed for arbitrary code execution, formation of an encrypted virtual file system, and persistent remote access, resulting in significant security risks such as data exfiltration. NetSarang has released fixed versions to mitigate this threat.

Affected Version(s)

Xftp 5.0 Build 1218

Xlpd 5.0 Build 1220

Xmanager 5.0 Build 1045

References

https://web.archive.org/web/20181022035109/https://www.ne...
vendor-advisorypatch
https://usa.kaspersky.com/about/press-releases/shadowpad-...
technical-description
https://securelist.com/shadowpad-in-corporate-networks/81...
technical-description

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Kaspersky Lab
JSON
.
CVE-2017-20203 : Backdoor Vulnerability in NetSarang Xmanager and Related Products