Vulnerability: Multiple Vulnerabilities in Barracuda Products
Danger level: Average
Number of vulnerabilities: 2
Vector operation: Remote
Impact: Security Bypass, System compromise
– Barracuda SSL VPN 3.x;
– Barracuda Load Balancer 3.x;
– Barracuda Link Balancer 3.x;
– Barracuda Web Application Firewall 3.x;
– Barracuda Message Archiver 3.x;
– Barracuda Web Filter 3.x.
– Barracuda Spam and Virus Firewall 2.0.5;
– Barracuda Web Filter 2.0.5;
– Barracuda Message Archiver 2.0.5;
– Barracuda Web Application Firewall 2.0.5;
– Barracuda Link Balancer 2.0.5;
– Barracuda Load Balancer 2.0.5;
– Barracuda SSL VPN 2.0.5.
Discovered vulnerabilities can be exploited by malicious people to bypass certain security restrictions on the target system.
1. The vulnerability is caused due to the existence of a number of undocumented accounts, through which a remote user can log in through a terminal or SSH.
2. The vulnerability is due to the fact that the SSH-daemon listens for connections that are made from IP-addresses belonging to the whitelist. This can be exploited to bypass security restrictions on the target system.
Manufacturer URL: https://www.barracudanetworks.com/
Solution: The way to eliminate the vulnerability does not exist at present.