CVE-2019-5648
LDAP Credential Exposure in Barracuda Load Balancer ADC
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Authenticated, administrative access to a Barracuda Load Balancer ADC running unpatched firmware <= v6.4 allows one to edit the LDAP service configuration of the balancer and change the LDAP server to an attacker-controlled system, without having to re-enter LDAP credentials. These steps can be used by any authenticated administrative user to expose the LDAP credentials configured in the LDAP connector over the network.
Un acceso administrativo autenticado a un Barracuda Load Balancer ADC que ejecuta versiones de firmware no parcheadas anteriores a v6.4 incluyéndola, permite editar la configuración del servicio LDAP del balanceador y cambiar el servidor LDAP a un sistema controlado por el atacante, sin tener que reingresar las credenciales LDAP. Estos pasos pueden ser usados por cualquier usuario administrativo autenticado para exponer las credenciales LDAP configuradas en el conector LDAP sobre la red.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-01-07 CVE Reserved
- 2020-03-12 CVE Published
- 2023-07-16 EPSS Updated
- 2024-09-17 CVE Updated
- 2024-09-17 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-522: Insufficiently Protected Credentials
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://blog.rapid7.com/2020/03/05/r7-2019-39-cve-2019-5648-ldap-credential-exposure-in-barracuda-load-balancer-adc-fixed | 2024-09-17 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Barracuda Search vendor "Barracuda" | Load Balancer Adc Firmware Search vendor "Barracuda" for product "Load Balancer Adc Firmware" | <= 6.4 Search vendor "Barracuda" for product "Load Balancer Adc Firmware" and version " <= 6.4" | - |
Affected
| in | Barracuda Search vendor "Barracuda" | Load Balancer Adc Search vendor "Barracuda" for product "Load Balancer Adc" | - | - |
Safe
|