Multiple Vulnerabilities in Barracuda Products

Posted: January 25, 2013 in Vulnerabilities
Tags: , ,


Vulnerabilities in Barracuda Products

Vulnerability: Multiple Vulnerabilities in Barracuda Products

Danger level: Average

Number of vulnerabilities: 2

Vector operation: Remote
Impact: Security Bypass, System compromise

Affected products:

– Barracuda SSL VPN 3.x;
– Barracuda Load Balancer 3.x;
– Barracuda Link Balancer 3.x;
– Barracuda Web Application Firewall 3.x;
– Barracuda Message Archiver 3.x;
– Barracuda Web Filter 3.x.

Affected versions:

– Barracuda Spam and Virus Firewall 2.0.5;
– Barracuda Web Filter 2.0.5;
– Barracuda Message Archiver 2.0.5;
– Barracuda Web Application Firewall 2.0.5;
– Barracuda Link Balancer 2.0.5;
– Barracuda Load Balancer 2.0.5;
– Barracuda SSL VPN 2.0.5.


Discovered vulnerabilities can be exploited by malicious people to bypass certain security restrictions on the target system.

1. The vulnerability is caused due to the existence of a number of undocumented accounts, through which a remote user can log in through a terminal or SSH.

2. The vulnerability is due to the fact that the SSH-daemon listens for connections that are made from IP-addresses belonging to the whitelist. This can be exploited to bypass security restrictions on the target system.

Manufacturer URL:

Solution: The way to eliminate the vulnerability does not exist at present.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s