CVE-2023-7102 – Remote Code Execution (RCE) Vulnerability
https://notcve.org/view.php?id=CVE-2023-7102
Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection. This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic. • https://github.com/haile01/perl_spreadsheet_excel_rce_poc https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171 https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md https://metacpan.org/dist/Spreadsheet-ParseExcel https://www.barracuda.com/company/legal/esg-vulnerability https://www.cve.org/CVERecord?id=CVE-2023-7101 • CWE-1104: Use of Unmaintained Third Party Components •
CVE-2023-2868 – Barracuda Networks ESG Appliance Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2023-2868
A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product affecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar files (tape archives). The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl's qx operator with the privileges of the Email Security Gateway product. This issue was fixed as part of the BNSF-36456 patch. • https://github.com/krmxd/CVE-2023-2868 https://status.barracuda.com/incidents/34kx82j5n4q9 https://www.barracuda.com/company/legal/esg-vulnerability • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2023-26213 – Barracuda CloudGen WAN OS Command Injection
https://notcve.org/view.php?id=CVE-2023-26213
On Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui-sdwan-1089-8.3.1-174141891, an OS command injection vulnerability exists in /ajax/update_certificate - a crafted HTTP request allows an authenticated attacker to execute arbitrary commands. For example, a name field can contain :password and a password field can contain shell metacharacters. Barracuda CloudGen WAN provides a private edge appliance for hybrid deployments. An authenticated user in the administration interface for the private edge virtual appliance can inject arbitrary OS commands via the /ajax/update_certificate endpoint. Versions prior to v8.* hotfix 1089 are affected. • http://seclists.org/fulldisclosure/2023/Mar/2 https://campus.barracuda.com/product/cloudgenwan/doc/96024723/release-notes-8-3-1 https://sec-consult.com/vulnerability-lab/advisory/os-command-injection-in-barracuda-cloudgen-wan https://www.barracuda.com/products/network-security/cloudgen-wan • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2021-42711
https://notcve.org/view.php?id=CVE-2021-42711
Barracuda Network Access Client before 5.2.2 creates a Temporary File in a Directory with Insecure Permissions. This file is executed with SYSTEM privileges when an unprivileged user performs a repair operation. • https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0010/MNDT-2021-0010.md • CWE-276: Incorrect Default Permissions •
CVE-2019-5648 – LDAP Credential Exposure in Barracuda Load Balancer ADC
https://notcve.org/view.php?id=CVE-2019-5648
Authenticated, administrative access to a Barracuda Load Balancer ADC running unpatched firmware <= v6.4 allows one to edit the LDAP service configuration of the balancer and change the LDAP server to an attacker-controlled system, without having to re-enter LDAP credentials. These steps can be used by any authenticated administrative user to expose the LDAP credentials configured in the LDAP connector over the network. • https://blog.rapid7.com/2020/03/05/r7-2019-39-cve-2019-5648-ldap-credential-exposure-in-barracuda-load-balancer-adc-fixed • CWE-522: Insufficiently Protected Credentials •