CVE-2017-20203 NetSarang v5.0 Malicious Backdoor Supply Chain Compromise

🗓️ 09 Oct 2025 17:01:08Reported by VulnCheckType

CVE-2017-20203 NetSarang backdoor via nssock2.dll using DNS server and remote code execution with persistence; patches released.

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2017-20203	9 Oct 202517:12	–	circl
CNNVD	NetSarang多款产品安全漏洞	9 Oct 202500:00	–	cnnvd
CVE	CVE-2017-20203	9 Oct 202517:01	–	cve
EUVD	EUVD-2017-18919	9 Oct 202518:30	–	euvd
NVD	CVE-2017-20203	9 Oct 202517:15	–	nvd
Positive Technologies	PT-2025-41412	9 Oct 202500:00	–	ptsecurity
RedhatCVE	CVE-2017-20203	10 Oct 202520:22	–	redhatcve
VulnCheck KEV	VulnCheck KEV: CVE-2017-20203	15 Aug 201700:00	–	vulncheck_kev
Vulnrichment	CVE-2017-20203 NetSarang v5.0 Malicious Backdoor Supply Chain Compromise	9 Oct 202517:01	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "nssock2.dll"
    ],
    "product": "Xmanager Enterprise",
    "vendor": "NetSarang Computer, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "5.0 Build 1232"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "modules": [
      "nssock2.dll"
    ],
    "product": "Xmanager",
    "vendor": "NetSarang Computer, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "5.0 Build 1045"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "modules": [
      "nssock2.dll"
    ],
    "product": "Xshell",
    "vendor": "NetSarang Computer, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "5.0 Build 1322"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "modules": [
      "nssock2.dll"
    ],
    "product": "Xftp",
    "vendor": "NetSarang Computer, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "5.0 Build 1218"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "modules": [
      "nssock2.dll"
    ],
    "product": "Xlpd",
    "vendor": "NetSarang Computer, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "5.0 Build 1220"
      }
    ]
  }
]

Source	Link
securelist	www.securelist.com/shadowpad-in-corporate-networks/81432/
web	www.web.archive.org/web/20181022035109/https://www.netsarang.com/news/security_exploit_in_july_18_2017_build.html
usa	www.usa.kaspersky.com/about/press-releases/shadowpad-attackers-hid-backdoor-in-software-used-by-hundreds-of-large-companies-worldwide
vulncheck	www.vulncheck.com/advisories/netsarang-malicious-backdoor-supply-chain-compromise

21 Nov 2025 14:17Current

CVSS 49.3

EPSS0.00895

CWE-506