CVE-2017-20203
BaseFortify
Publication date: 2025-10-09
Last updated on: 2025-10-14
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| netsarang | xlpd | 5.0 |
| netsarang | xmanager_enterprise | 5.0 |
| netsarang | xshell | 5.0 |
| netsarang | xmanager | 5.0 |
| netsarang | xftp | 5.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-506 | The product contains code that appears to be malicious in nature. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves a malicious nssock2.dll in certain NetSarang products that acts as a multi-stage, DNS-based backdoor. The dormant DLL contacts a command and control (C2) DNS server using specially crafted TXT records for a domain generated monthly. After receiving a decryption key, it downloads and executes arbitrary code, creates an encrypted virtual file system in the registry, and allows the attacker full remote code execution, data exfiltration, and persistence on the affected system.
How can this vulnerability impact me?
This vulnerability can allow an attacker to remotely execute arbitrary code on the affected system, exfiltrate data, and maintain persistent access. This means an attacker could take full control of the system, steal sensitive information, and remain undetected for extended periods.
What immediate steps should I take to mitigate this vulnerability?
Update the affected NetSarang products to the fixed builds released by NetSarang: Xmanager Enterprise to Build 1236, Xmanager to Build 1049, Xshell to Build 1326, Xftp to Build 1222, and Xlpd to Build 1224. These updates remediate the malicious nssock2.dll backdoor.
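The update guidance above can be applied to a software inventory export. The following is an added example, not code from NetSarang or this page. The `host,product,version` line format, the host names and the sample build numbers are constructed assumptions; only the fixed build numbers come from the text above. A build below the fixed one means the update advice applies, not that the host is confirmed compromised.

```python
import re

# Fixed builds as listed in the mitigation text above (5.0 product line).
FIXED_BUILD = {
    "xmanager_enterprise": 1236, "xmanager": 1049,
    "xshell": 1326, "xftp": 1222, "xlpd": 1224,
}
VERSION_RE = re.compile(r"(\d+)\.(\d+).*?build\s*(\d+)", re.IGNORECASE)

def classify(product, version_text):
    """Return a triage status for one installed product."""
    key = re.sub(r"[\s\-]+", "_", product.strip().lower())
    if key not in FIXED_BUILD:
        return "not-listed"
    m = VERSION_RE.search(version_text)
    if not m:
        return "unparsed"        # review manually rather than assume safe
    major, minor, build = (int(g) for g in m.groups())
    if (major, minor) != (5, 0):
        return "other-version"   # the page lists only 5.0 as affected
    return "ok" if build >= FIXED_BUILD[key] else "update"

def triage(inventory_text):
    """Parse 'host,product,version' lines; return rows needing attention."""
    findings = []
    for line in inventory_text.strip().splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        host, product, version = (f.strip() for f in line.split(",", 2))
        status = classify(product, version)
        if status in ("update", "unparsed"):
            findings.append((host, product, status))
    return findings

# Constructed sample inventory (hosts and installed builds are made up).
SAMPLE = """
ws-01,Xshell,5.0 Build 1300
ws-02,Xshell,5.0 Build 1326
ws-03,Xmanager Enterprise,5.0 (Build 1200)
ws-04,Xftp,5.0
ws-05,Xlpd,5.0 build 1224
ws-06,PuTTY,0.70
"""

if __name__ == "__main__":
    for host, product, status in triage(SAMPLE):
        print(f"{host}: {product} -> {status}")
```

Rows reported as `unparsed` carry no build number in the inventory and need a manual check.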