
Vulnerabilities in Barracuda Products
Vulnerability: Multiple Vulnerabilities in Barracuda Products
Danger level: Medium
Number of vulnerabilities: 2
Attack vector: Remote
Impact: Security bypass, system compromise
Affected products:
– Barracuda SSL VPN 3.x;
– Barracuda Load Balancer 3.x;
– Barracuda Link Balancer 3.x;
– Barracuda Web Application Firewall 3.x;
– Barracuda Message Archiver 3.x;
– Barracuda Web Filter 3.x.
Affected versions:
– Barracuda Spam and Virus Firewall 2.0.5;
– Barracuda Web Filter 2.0.5;
– Barracuda Message Archiver 2.0.5;
– Barracuda Web Application Firewall 2.0.5;
– Barracuda Link Balancer 2.0.5;
– Barracuda Load Balancer 2.0.5;
– Barracuda SSL VPN 2.0.5.
Description:
The discovered vulnerabilities can be exploited by a malicious user to bypass certain security restrictions on the target system.
1. The vulnerability is caused by a number of undocumented accounts, through which a remote user can log in via a terminal or SSH.
2. The vulnerability exists because the SSH daemon listens for connections made from IP addresses belonging to the whitelist. This can be exploited to bypass security restrictions on the target system.
Manufacturer URL: https://www.barracudanetworks.com/
Solution: No fix for the vulnerability is available at present.