CVE-2017-6320
Barracuda Load Balancer Firmware < 6.0.1.006 - Remote Command Injection
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits: 1
Exploited in Wild: -
Decision
Descriptions
A remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in which an authenticated user can execute arbitrary shell commands and gain root privileges. The vulnerability stems from unsanitized data being processed in a system call when the delete_assessment command is issued.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-02-26 CVE Reserved
- 2017-07-18 CVE Published
- 2023-09-13 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (2)
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/42333 | 2024-08-05 |
https://campus.barracuda.com/product/loadbalanceradc/article/ADC/ReleaseNotes610003 | 2020-07-01 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Barracuda | Load Balancer Adc | <= 6.0.1.006 | - | Affected |