CVE-2023-26213 – Barracuda CloudGen WAN OS Command Injection

https://notcve.org/view.php?id=CVE-2023-26213

On Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui-sdwan-1089-8.3.1-174141891, an OS command injection vulnerability exists in /ajax/update_certificate - a crafted HTTP request allows an authenticated attacker to execute arbitrary commands. For example, a name field can contain :password and a password field can contain shell metacharacters. Barracuda CloudGen WAN provides a private edge appliance for hybrid deployments. An authenticated user in the administration interface for the private edge virtual appliance can inject arbitrary OS commands via the /ajax/update_certificate endpoint. Versions prior to v8.* hotfix 1089 are affected. • http://seclists.org/fulldisclosure/2023/Mar/2 https://campus.barracuda.com/product/cloudgenwan/doc/96024723/release-notes-8-3-1 https://sec-consult.com/vulnerability-lab/advisory/os-command-injection-in-barracuda-cloudgen-wan https://www.barracuda.com/products/network-security/cloudgen-wan • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •