Command Injection Vulnerability in Quest DR Series Disk Backup Software
CVE-2018-11150

8.8HIGH

Key Information:

Vendor: Quest
Status: Disk Backup
Vendor: CVE Published:; 2 June 2018

🔔 Create Quest Vulnerability Alert

What is CVE-2018-11150?

The Quest DR Series Disk Backup software prior to version 4.0.3.1 is susceptible to a command injection vulnerability, which may allow an attacker to execute arbitrary commands on the host system. This flaw could potentially lead to unauthorized access and manipulation of sensitive data, posing a significant risk to organizations relying on this software for data protection and backup solutions.

References

http://seclists.org/fulldisclosure/2018/May/71

mailing-listx_refsource_FULLDISC

http://packetstormsecurity.com/files/148003/Quest-DR-Seri...

x_refsource_MISC

https://www.coresecurity.com/advisories/quest-dr-series-d...

x_refsource_MISC

EPSS Score

8% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 2, 2018
Vulnerability Reserved
May 16, 2018

.

CVE-2018-11150 : Command Injection Vulnerability in Quest DR Series Disk Backup Software