CVE-2023-26213
Barracuda CloudGen WAN OS Command Injection
Severity Score
7.2
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
On Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui-sdwan-1089-8.3.1-174141891, an OS command injection vulnerability exists in /ajax/update_certificate - a crafted HTTP request allows an authenticated attacker to execute arbitrary commands. For example, a name field can contain :password and a password field can contain shell metacharacters.
Barracuda CloudGen WAN provides a private edge appliance for hybrid deployments. An authenticated user in the administration interface for the private edge virtual appliance can inject arbitrary OS commands via the /ajax/update_certificate endpoint. Versions prior to v8.* hotfix 1089 are affected.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-02-20 CVE Reserved
- 2023-03-03 CVE Published
- 2024-07-31 EPSS Updated
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://campus.barracuda.com/product/cloudgenwan/doc/96024723/release-notes-8-3-1 | Release Notes | |
| https://www.barracuda.com/products/network-security/cloudgen-wan | Product |
| URL | Date | SRC |
|---|---|---|
| http://seclists.org/fulldisclosure/2023/Mar/2 | 2024-08-02 | |
| https://sec-consult.com/vulnerability-lab/advisory/os-command-injection-in-barracuda-cloudgen-wan | 2024-08-02 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Barracuda Search vendor "Barracuda" | T100b Firmware Search vendor "Barracuda" for product "T100b Firmware" | 8.3.1 Search vendor "Barracuda" for product "T100b Firmware" and version "8.3.1" | - |
Affected
| in | Barracuda Search vendor "Barracuda" | T100b Search vendor "Barracuda" for product "T100b" | - | - |
Safe
|
| Barracuda Search vendor "Barracuda" | T200c Firmware Search vendor "Barracuda" for product "T200c Firmware" | 8.3.1 Search vendor "Barracuda" for product "T200c Firmware" and version "8.3.1" | - |
Affected
| in | Barracuda Search vendor "Barracuda" | T200c Search vendor "Barracuda" for product "T200c" | - | - |
Safe
|
| Barracuda Search vendor "Barracuda" | T400c Firmware Search vendor "Barracuda" for product "T400c Firmware" | 8.3.1 Search vendor "Barracuda" for product "T400c Firmware" and version "8.3.1" | - |
Affected
| in | Barracuda Search vendor "Barracuda" | T400c Search vendor "Barracuda" for product "T400c" | - | - |
Safe
|
| Barracuda Search vendor "Barracuda" | T600d Firmware Search vendor "Barracuda" for product "T600d Firmware" | 8.3.1 Search vendor "Barracuda" for product "T600d Firmware" and version "8.3.1" | - |
Affected
| in | Barracuda Search vendor "Barracuda" | T600d Search vendor "Barracuda" for product "T600d" | - | - |
Safe
|
| Barracuda Search vendor "Barracuda" | T900b Firmware Search vendor "Barracuda" for product "T900b Firmware" | 8.3.1 Search vendor "Barracuda" for product "T900b Firmware" and version "8.3.1" | - |
Affected
| in | Barracuda Search vendor "Barracuda" | T900b Search vendor "Barracuda" for product "T900b" | - | - |
Safe
|
| Barracuda Search vendor "Barracuda" | T93a Firmware Search vendor "Barracuda" for product "T93a Firmware" | 8.3.1 Search vendor "Barracuda" for product "T93a Firmware" and version "8.3.1" | - |
Affected
| in | Barracuda Search vendor "Barracuda" | T93a Search vendor "Barracuda" for product "T93a" | - | - |
Safe
|
| Barracuda Search vendor "Barracuda" | T193a Firmware Search vendor "Barracuda" for product "T193a Firmware" | 8.3.1 Search vendor "Barracuda" for product "T193a Firmware" and version "8.3.1" | - |
Affected
| in | Barracuda Search vendor "Barracuda" | T193a Search vendor "Barracuda" for product "T193a" | - | - |
Safe
|