All the vulnerabilites related to Barracuda - Load Balancer ADC
cve-2019-5648
Vulnerability from cvelistv5
Published
2020-03-12 13:00
Modified
2024-09-17 01:21
Severity ?
EPSS score ?
Summary
Authenticated, administrative access to a Barracuda Load Balancer ADC running unpatched firmware <= v6.4 allows one to edit the LDAP service configuration of the balancer and change the LDAP server to an attacker-controlled system, without having to re-enter LDAP credentials. These steps can be used by any authenticated administrative user to expose the LDAP credentials configured in the LDAP connector over the network.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Barracuda | Load Balancer ADC |
Version: unspecified < 6.5 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:52.000Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.rapid7.com/2020/03/05/r7-2019-39-cve-2019-5648-ldap-credential-exposure-in-barracuda-load-balancer-adc-fixed/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Load Balancer ADC",
"vendor": "Barracuda",
"versions": [
{
"lessThan": "6.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Steve Campbell (@lpha3ch0). It is being disclosed in accordance with Rapid7\u0027s vulnerability disclosure policy (https://www.rapid7.com/disclosure/)."
}
],
"datePublic": "2020-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Authenticated, administrative access to a Barracuda Load Balancer ADC running unpatched firmware \u003c= v6.4 allows one to edit the LDAP service configuration of the balancer and change the LDAP server to an attacker-controlled system, without having to re-enter LDAP credentials. These steps can be used by any authenticated administrative user to expose the LDAP credentials configured in the LDAP connector over the network."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "Insufficiently Protected Credentials (CWE-522)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-12T13:00:16",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.rapid7.com/2020/03/05/r7-2019-39-cve-2019-5648-ldap-credential-exposure-in-barracuda-load-balancer-adc-fixed/"
}
],
"solutions": [
{
"lang": "en",
"value": "Administrators should ensure that their Barracuda Load Balancer ADC is on either a 6.3.x or 6.4.x version so that the patch can be applied through Barracuda\u0027s automated security patching system. Ensure that you have not intentionally disabled the security update system. Administrators should update their Barracuda Load Balancer ADC devices to the latest firmware versions as they become available. Version 6.5 will ship with the patch for CVE-2019-5648."
}
],
"source": {
"advisory": "R7-2019-39",
"discovery": "EXTERNAL"
},
"title": "LDAP Credential Exposure in Barracuda Load Balancer ADC",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2020-03-05T09:00:00.000Z",
"ID": "CVE-2019-5648",
"STATE": "PUBLIC",
"TITLE": "LDAP Credential Exposure in Barracuda Load Balancer ADC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Load Balancer ADC",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.5"
}
]
}
}
]
},
"vendor_name": "Barracuda"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered by Steve Campbell (@lpha3ch0). It is being disclosed in accordance with Rapid7\u0027s vulnerability disclosure policy (https://www.rapid7.com/disclosure/)."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Authenticated, administrative access to a Barracuda Load Balancer ADC running unpatched firmware \u003c= v6.4 allows one to edit the LDAP service configuration of the balancer and change the LDAP server to an attacker-controlled system, without having to re-enter LDAP credentials. These steps can be used by any authenticated administrative user to expose the LDAP credentials configured in the LDAP connector over the network."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficiently Protected Credentials (CWE-522)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.rapid7.com/2020/03/05/r7-2019-39-cve-2019-5648-ldap-credential-exposure-in-barracuda-load-balancer-adc-fixed/",
"refsource": "MISC",
"url": "https://blog.rapid7.com/2020/03/05/r7-2019-39-cve-2019-5648-ldap-credential-exposure-in-barracuda-load-balancer-adc-fixed/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Administrators should ensure that their Barracuda Load Balancer ADC is on either a 6.3.x or 6.4.x version so that the patch can be applied through Barracuda\u0027s automated security patching system. Ensure that you have not intentionally disabled the security update system. Administrators should update their Barracuda Load Balancer ADC devices to the latest firmware versions as they become available. Version 6.5 will ship with the patch for CVE-2019-5648."
}
],
"source": {
"advisory": "R7-2019-39",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2019-5648",
"datePublished": "2020-03-12T13:00:16.318855Z",
"dateReserved": "2019-01-07T00:00:00",
"dateUpdated": "2024-09-17T01:21:54.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-201707-0891
Vulnerability from variot
A remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in which an authenticated user can execute arbitrary shell commands and gain root privileges. The vulnerability stems from unsanitized data being processed in a system call when the delete_assessment command is issued. Barracuda Networks Load Balancer is an application delivery controller from Barracuda Networks. The controller provides protection against intrusion and attack events, while optimizing application load and providing strong performance support
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201707-0891",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "load balancer adc",
"scope": "lte",
"trust": 1.0,
"vendor": "barracuda",
"version": "6.0.1.006"
},
{
"model": "load balancer adc",
"scope": null,
"trust": 0.8,
"vendor": "barracuda",
"version": null
},
{
"model": "load balancer adc",
"scope": "eq",
"trust": 0.6,
"vendor": "barracuda",
"version": "6.0.1.006"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006970"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-876"
},
{
"db": "NVD",
"id": "CVE-2017-6320"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:barracuda_networks:load_balancer",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006970"
}
]
},
"cve": "CVE-2017-6320",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2017-6320",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-114523",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2017-6320",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-6320",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-6320",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-6320",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-876",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-114523",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114523"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006970"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-876"
},
{
"db": "NVD",
"id": "CVE-2017-6320"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in which an authenticated user can execute arbitrary shell commands and gain root privileges. The vulnerability stems from unsanitized data being processed in a system call when the delete_assessment command is issued. Barracuda Networks Load Balancer is an application delivery controller from Barracuda Networks. The controller provides protection against intrusion and attack events, while optimizing application load and providing strong performance support",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6320"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006970"
},
{
"db": "VULHUB",
"id": "VHN-114523"
}
],
"trust": 1.71
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-114523",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114523"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6320",
"trust": 2.5
},
{
"db": "EXPLOIT-DB",
"id": "42333",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006970",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201702-876",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "143399",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-114523",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114523"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006970"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-876"
},
{
"db": "NVD",
"id": "CVE-2017-6320"
}
]
},
"id": "VAR-201707-0891",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-114523"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T23:02:23.178000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Release Notes Version 6.1.0.003",
"trust": 0.8,
"url": "https://campus.barracuda.com/product/loadbalanceradc/article/ADC/ReleaseNotes610003/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006970"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114523"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006970"
},
{
"db": "NVD",
"id": "CVE-2017-6320"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/42333/"
},
{
"trust": 1.7,
"url": "https://campus.barracuda.com/product/loadbalanceradc/article/adc/releasenotes610003/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6320"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6320"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114523"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006970"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-876"
},
{
"db": "NVD",
"id": "CVE-2017-6320"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-114523"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006970"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-876"
},
{
"db": "NVD",
"id": "CVE-2017-6320"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-18T00:00:00",
"db": "VULHUB",
"id": "VHN-114523"
},
{
"date": "2017-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006970"
},
{
"date": "2017-02-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-876"
},
{
"date": "2017-07-18T14:29:00.293000",
"db": "NVD",
"id": "CVE-2017-6320"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-01T00:00:00",
"db": "VULHUB",
"id": "VHN-114523"
},
{
"date": "2017-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006970"
},
{
"date": "2020-07-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-876"
},
{
"date": "2024-11-21T03:29:33.597000",
"db": "NVD",
"id": "CVE-2017-6320"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-876"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Barracuda Load Balancer In product OS Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006970"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-876"
}
],
"trust": 0.6
}
}
var-201708-0292
Vulnerability from variot
Hard coded weak credentials in Barracuda Load Balancer 5.0.0.015. Barracuda Load Balancer Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The controller provides protection against intrusion and attack events, while optimizing application load and providing strong performance support. =============================================================================== title: Virtual Appliance Security Review case id: CM-2013-01 product: Barracuda Load Balancer ADC vulnerability type: Multiple severity: Medium to High found: 2013-12-13 by: Cristiano Maruti (@cmaruti) ===============================================================================
[EXECUTIVE SUMMARY]
While reviewing the virtual appliance, five major security issues were identified: 1) Ability to recover the file system encryption keys via simil cold-boot attack; 2) Off-line super user password reset via physical attack; 3) Hard-coded credential for an interactive unprivileged user; 4) Hard-coded SSH key file that could permit local privilege escalation; 5) Various credentials and private IP address of Barracuda’s internal server. Probably there are other appliances from the vendor affected by the same problems.
[TECHNICAL DETAILS]
The full report with technical details about the vulnerabilities I have identified is available at: https://github.com/cmaruti/reports/raw/master/barracuda_load_balancer_vm.pdf
[VULNERABILITY REFERENCE]
The following ID were associated by Barracuda (BNSECID) to handle the vulnerabilities: - BNSEC-0004000355: VM filesystem encryption keys can be leaked through memory dump. - BNSEC-0006000122: VM appliance susceptible to off-line user password reset. - BNSEC-0006000124: VM filesystem encryption keys can be leaked through memory dump. - BNSEC-0006000126: Internal system information leakage through VM virtual drive. - BNSEC-0006000125: Privilege escalation using improperly protected SSH key. - CVE-2014-8428: Privilege escalation using improperly protected SSH key.
[DISCLOSURE TIMELINE]
2014-01-03 Report submitted to vendor via its bug bounty program. 2014-01-03 Vendor confirmed receiving the report (automatic reply). 2014-01-09 Vendor gave follow-up. 2014-01-13 Vendor provided BNSEC IDs. 2014-01-22 Researcher requested further update about the status of the submission. 2014-01-22 Vendor gave follow-up and updates the list of BNSEC IDs. 2014-02-06 Researcher requested for the second time an update about the status of his submission. 2014-02-06 Vendor acknowledged the delay in processing the submission because of internal reorganization of the bounty program. 2014-03-18 Vendor sent update. Confirming the severity of the vulnerabilities, still processing the submission and developing appropriate fixes. 2014-03-20 Vendor approved bounty. Four of five vulnerabilities are eligible for the bounty program. 2014-04-20 Barracuda created fixes for the issues reported but postponed the test due to addressing the Heartbleed vulnerability. 2014-04-23 Researcher received the bounty prize. 2014-05-06 Vendor gave follow-up but no further details about the status of the patching process were disclosed. 2014-06-04 Researcher requested further update about the status of the submission. 2014-10-01 Vendor postponed the fix due to Shellshock vulnerability. 2014-12-05 Vendor escalated the issues due to cleanup delayed too many times; coordinated disclosure date will be on January 20th, 2015. 2015-01-20 Public disclosure.
[SOLUTION]
Vendor addressed the vulnerabilities identified by CVE-2014-8426 and CVE-2014-8428. The Vendor is currently evaluating ways to mitigate the remaining ones.
[REPORT URL]
https://github.com/cmaruti/reports/raw/master/barracuda_load_balancer_vm.pdf
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-0292",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "load balancer",
"scope": "eq",
"trust": 1.6,
"vendor": "barracuda",
"version": "5.0.0.015"
},
{
"model": "load balancer adc",
"scope": "eq",
"trust": 0.8,
"vendor": "barracuda",
"version": "5.0.0.015"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008348"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1192"
},
{
"db": "NVD",
"id": "CVE-2014-8426"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:barracuda_networks:load_balancer",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008348"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cristiano Maruti",
"sources": [
{
"db": "PACKETSTORM",
"id": "130027"
}
],
"trust": 0.1
},
"cve": "CVE-2014-8426",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-8426",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-76371",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2014-8426",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-8426",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2014-8426",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-1192",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-76371",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76371"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008348"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1192"
},
{
"db": "NVD",
"id": "CVE-2014-8426"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hard coded weak credentials in Barracuda Load Balancer 5.0.0.015. Barracuda Load Balancer Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The controller provides protection against intrusion and attack events, while optimizing application load and providing strong performance support. ===============================================================================\n title: Virtual Appliance Security Review\n case id: CM-2013-01\n product: Barracuda Load Balancer ADC\n vulnerability type: Multiple\n severity: Medium to High\n found: 2013-12-13\n by: Cristiano Maruti (@cmaruti)\n===============================================================================\n\n[EXECUTIVE SUMMARY]\n\nWhile reviewing the virtual appliance, five major security issues were\nidentified:\n1) Ability to recover the file system encryption keys via simil cold-boot\n attack;\n2) Off-line super user password reset via physical attack;\n3) Hard-coded credential for an interactive unprivileged user;\n4) Hard-coded SSH key file that could permit local privilege escalation;\n5) Various credentials and private IP address of Barracuda\u2019s internal server. Probably there are other\nappliances from the vendor affected by the same problems. \n\n[TECHNICAL DETAILS]\n\nThe full report with technical details about the vulnerabilities I have\nidentified is available at:\nhttps://github.com/cmaruti/reports/raw/master/barracuda_load_balancer_vm.pdf\n\n[VULNERABILITY REFERENCE]\n\nThe following ID were associated by Barracuda (BNSECID) to handle the\nvulnerabilities:\n- BNSEC-0004000355: VM filesystem encryption keys can be leaked through memory\n dump. \n- BNSEC-0006000122: VM appliance susceptible to off-line user password reset. \n- BNSEC-0006000124: VM filesystem encryption keys can be leaked through memory\n dump. \n- BNSEC-0006000126: Internal system information leakage through VM virtual\n drive. \n- BNSEC-0006000125: Privilege escalation using improperly protected SSH key. \n- CVE-2014-8428: Privilege escalation using improperly protected SSH key. \n\n[DISCLOSURE TIMELINE]\n\n2014-01-03 Report submitted to vendor via its bug bounty program. \n2014-01-03 Vendor confirmed receiving the report (automatic reply). \n2014-01-09 Vendor gave follow-up. \n2014-01-13 Vendor provided BNSEC IDs. \n2014-01-22 Researcher requested further update about the status of the\n submission. \n2014-01-22 Vendor gave follow-up and updates the list of BNSEC IDs. \n2014-02-06 Researcher requested for the second time an update about the status\n of his submission. \n2014-02-06 Vendor acknowledged the delay in processing the submission because\n of internal reorganization of the bounty program. \n2014-03-18 Vendor sent update. Confirming the severity of the vulnerabilities,\n still processing the submission and developing appropriate fixes. \n2014-03-20 Vendor approved bounty. Four of five vulnerabilities are eligible\n for the bounty program. \n2014-04-20 Barracuda created fixes for the issues reported but postponed the\n test due to addressing the Heartbleed vulnerability. \n2014-04-23 Researcher received the bounty prize. \n2014-05-06 Vendor gave follow-up but no further details about the status of the\n patching process were disclosed. \n2014-06-04 Researcher requested further update about the status of the\n submission. \n2014-10-01 Vendor postponed the fix due to Shellshock vulnerability. \n2014-12-05 Vendor escalated the issues due to cleanup delayed too many times;\n coordinated disclosure date will be on January 20th, 2015. \n2015-01-20 Public disclosure. \n\n[SOLUTION]\n\nVendor addressed the vulnerabilities identified by CVE-2014-8426 and\nCVE-2014-8428. The Vendor is currently evaluating ways to mitigate the\nremaining ones. \n\n[REPORT URL]\n\nhttps://github.com/cmaruti/reports/raw/master/barracuda_load_balancer_vm.pdf\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8426"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008348"
},
{
"db": "VULHUB",
"id": "VHN-76371"
},
{
"db": "PACKETSTORM",
"id": "130027"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-8426",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "130027",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008348",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1192",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-76371",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76371"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008348"
},
{
"db": "PACKETSTORM",
"id": "130027"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1192"
},
{
"db": "NVD",
"id": "CVE-2014-8426"
}
]
},
"id": "VAR-201708-0292",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-76371"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:34:34.821000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Barracuda Load Balancer ADC",
"trust": 0.8,
"url": "https://www.barracuda.com/products/loadbalancer?L=jp"
},
{
"title": "Barracuda Load Balancer Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74320"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008348"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1192"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76371"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008348"
},
{
"db": "NVD",
"id": "CVE-2014-8426"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://packetstormsecurity.com/files/130027/barracuda-load-balancer-adc-key-recovery-password-reset.html"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2015/jan/76"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8426"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8426"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8428"
},
{
"trust": 0.1,
"url": "https://github.com/cmaruti/reports/raw/master/barracuda_load_balancer_vm.pdf"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76371"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008348"
},
{
"db": "PACKETSTORM",
"id": "130027"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1192"
},
{
"db": "NVD",
"id": "CVE-2014-8426"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-76371"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008348"
},
{
"db": "PACKETSTORM",
"id": "130027"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1192"
},
{
"db": "NVD",
"id": "CVE-2014-8426"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-28T00:00:00",
"db": "VULHUB",
"id": "VHN-76371"
},
{
"date": "2017-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008348"
},
{
"date": "2015-01-20T23:24:28",
"db": "PACKETSTORM",
"id": "130027"
},
{
"date": "2017-08-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1192"
},
{
"date": "2017-08-28T15:29:00.453000",
"db": "NVD",
"id": "CVE-2014-8426"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-01T00:00:00",
"db": "VULHUB",
"id": "VHN-76371"
},
{
"date": "2017-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008348"
},
{
"date": "2017-08-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1192"
},
{
"date": "2024-11-21T02:19:04.040000",
"db": "NVD",
"id": "CVE-2014-8426"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1192"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Barracuda Load Balancer Vulnerabilities related to the use of hard-coded credentials",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008348"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1192"
}
],
"trust": 0.6
}
}
var-201708-0293
Vulnerability from variot
Privilege escalation vulnerability in Barracuda Load Balancer 5.0.0.015 via the use of an improperly protected SSH key. Barracuda Load Balancer Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The controller provides protection against intrusion and attack events, while optimizing application load and providing strong performance support. =============================================================================== title: Virtual Appliance Security Review case id: CM-2013-01 product: Barracuda Load Balancer ADC vulnerability type: Multiple severity: Medium to High found: 2013-12-13 by: Cristiano Maruti (@cmaruti) ===============================================================================
[EXECUTIVE SUMMARY]
While reviewing the virtual appliance, five major security issues were identified: 1) Ability to recover the file system encryption keys via simil cold-boot attack; 2) Off-line super user password reset via physical attack; 3) Hard-coded credential for an interactive unprivileged user; 4) Hard-coded SSH key file that could permit local privilege escalation; 5) Various credentials and private IP address of Barracuda’s internal server.
[VULNERABLE VERSIONS]
Barracuda Load Balancer - firmware version 5.0.0.015. Probably there are other appliances from the vendor affected by the same problems.
[TECHNICAL DETAILS]
The full report with technical details about the vulnerabilities I have identified is available at: https://github.com/cmaruti/reports/raw/master/barracuda_load_balancer_vm.pdf
[VULNERABILITY REFERENCE]
The following ID were associated by Barracuda (BNSECID) to handle the vulnerabilities: - BNSEC-0004000355: VM filesystem encryption keys can be leaked through memory dump. - BNSEC-0006000122: VM appliance susceptible to off-line user password reset. - BNSEC-0006000124: VM filesystem encryption keys can be leaked through memory dump. - BNSEC-0006000123: Hard coded weak credentials for product user. - BNSEC-0006000126: Internal system information leakage through VM virtual drive.
The following CVE IDs were pre-allocated to track the vulnerabilities: - CVE-2014-8426: Hard coded weak credentials for product user.
[DISCLOSURE TIMELINE]
2014-01-03 Report submitted to vendor via its bug bounty program. 2014-01-03 Vendor confirmed receiving the report (automatic reply). 2014-01-09 Vendor gave follow-up. 2014-01-13 Vendor provided BNSEC IDs. 2014-01-22 Researcher requested further update about the status of the submission. 2014-01-22 Vendor gave follow-up and updates the list of BNSEC IDs. 2014-02-06 Researcher requested for the second time an update about the status of his submission. 2014-02-06 Vendor acknowledged the delay in processing the submission because of internal reorganization of the bounty program. 2014-03-18 Vendor sent update. Confirming the severity of the vulnerabilities, still processing the submission and developing appropriate fixes. 2014-03-20 Vendor approved bounty. Four of five vulnerabilities are eligible for the bounty program. 2014-04-20 Barracuda created fixes for the issues reported but postponed the test due to addressing the Heartbleed vulnerability. 2014-04-23 Researcher received the bounty prize. 2014-05-06 Vendor gave follow-up but no further details about the status of the patching process were disclosed. 2014-06-04 Researcher requested further update about the status of the submission. 2014-10-01 Vendor postponed the fix due to Shellshock vulnerability. 2014-12-05 Vendor escalated the issues due to cleanup delayed too many times; coordinated disclosure date will be on January 20th, 2015. 2015-01-20 Public disclosure.
[SOLUTION]
Vendor addressed the vulnerabilities identified by CVE-2014-8426 and CVE-2014-8428. The Vendor is currently evaluating ways to mitigate the remaining ones.
[REPORT URL]
https://github.com/cmaruti/reports/raw/master/barracuda_load_balancer_vm.pdf
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-0293",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "load balancer",
"scope": "eq",
"trust": 1.6,
"vendor": "barracuda",
"version": "5.0.0.015"
},
{
"model": "load balancer adc",
"scope": "eq",
"trust": 0.8,
"vendor": "barracuda",
"version": "5.0.0.015"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008349"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1191"
},
{
"db": "NVD",
"id": "CVE-2014-8428"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:barracuda_networks:load_balancer",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008349"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cristiano Maruti",
"sources": [
{
"db": "PACKETSTORM",
"id": "130027"
}
],
"trust": 0.1
},
"cve": "CVE-2014-8428",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-8428",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-76373",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2014-8428",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-8428",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2014-8428",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-1191",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-76373",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76373"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008349"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1191"
},
{
"db": "NVD",
"id": "CVE-2014-8428"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Privilege escalation vulnerability in Barracuda Load Balancer 5.0.0.015 via the use of an improperly protected SSH key. Barracuda Load Balancer Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The controller provides protection against intrusion and attack events, while optimizing application load and providing strong performance support. ===============================================================================\n title: Virtual Appliance Security Review\n case id: CM-2013-01\n product: Barracuda Load Balancer ADC\n vulnerability type: Multiple\n severity: Medium to High\n found: 2013-12-13\n by: Cristiano Maruti (@cmaruti)\n===============================================================================\n\n[EXECUTIVE SUMMARY]\n\nWhile reviewing the virtual appliance, five major security issues were\nidentified:\n1) Ability to recover the file system encryption keys via simil cold-boot\n attack;\n2) Off-line super user password reset via physical attack;\n3) Hard-coded credential for an interactive unprivileged user;\n4) Hard-coded SSH key file that could permit local privilege escalation;\n5) Various credentials and private IP address of Barracuda\u2019s internal server. \n\n[VULNERABLE VERSIONS]\n\nBarracuda Load Balancer - firmware version 5.0.0.015. Probably there are other\nappliances from the vendor affected by the same problems. \n\n[TECHNICAL DETAILS]\n\nThe full report with technical details about the vulnerabilities I have\nidentified is available at:\nhttps://github.com/cmaruti/reports/raw/master/barracuda_load_balancer_vm.pdf\n\n[VULNERABILITY REFERENCE]\n\nThe following ID were associated by Barracuda (BNSECID) to handle the\nvulnerabilities:\n- BNSEC-0004000355: VM filesystem encryption keys can be leaked through memory\n dump. \n- BNSEC-0006000122: VM appliance susceptible to off-line user password reset. \n- BNSEC-0006000124: VM filesystem encryption keys can be leaked through memory\n dump. \n- BNSEC-0006000123: Hard coded weak credentials for product user. \n- BNSEC-0006000126: Internal system information leakage through VM virtual\n drive. \n\nThe following CVE IDs were pre-allocated to track the vulnerabilities:\n- CVE-2014-8426: Hard coded weak credentials for product user. \n\n[DISCLOSURE TIMELINE]\n\n2014-01-03 Report submitted to vendor via its bug bounty program. \n2014-01-03 Vendor confirmed receiving the report (automatic reply). \n2014-01-09 Vendor gave follow-up. \n2014-01-13 Vendor provided BNSEC IDs. \n2014-01-22 Researcher requested further update about the status of the\n submission. \n2014-01-22 Vendor gave follow-up and updates the list of BNSEC IDs. \n2014-02-06 Researcher requested for the second time an update about the status\n of his submission. \n2014-02-06 Vendor acknowledged the delay in processing the submission because\n of internal reorganization of the bounty program. \n2014-03-18 Vendor sent update. Confirming the severity of the vulnerabilities,\n still processing the submission and developing appropriate fixes. \n2014-03-20 Vendor approved bounty. Four of five vulnerabilities are eligible\n for the bounty program. \n2014-04-20 Barracuda created fixes for the issues reported but postponed the\n test due to addressing the Heartbleed vulnerability. \n2014-04-23 Researcher received the bounty prize. \n2014-05-06 Vendor gave follow-up but no further details about the status of the\n patching process were disclosed. \n2014-06-04 Researcher requested further update about the status of the\n submission. \n2014-10-01 Vendor postponed the fix due to Shellshock vulnerability. \n2014-12-05 Vendor escalated the issues due to cleanup delayed too many times;\n coordinated disclosure date will be on January 20th, 2015. \n2015-01-20 Public disclosure. \n\n[SOLUTION]\n\nVendor addressed the vulnerabilities identified by CVE-2014-8426 and\nCVE-2014-8428. The Vendor is currently evaluating ways to mitigate the\nremaining ones. \n\n[REPORT URL]\n\nhttps://github.com/cmaruti/reports/raw/master/barracuda_load_balancer_vm.pdf\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8428"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008349"
},
{
"db": "VULHUB",
"id": "VHN-76373"
},
{
"db": "PACKETSTORM",
"id": "130027"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-8428",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "130027",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008349",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1191",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-76373",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76373"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008349"
},
{
"db": "PACKETSTORM",
"id": "130027"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1191"
},
{
"db": "NVD",
"id": "CVE-2014-8428"
}
]
},
"id": "VAR-201708-0293",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-76373"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:34:34.793000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Barracuda Load Balancer ADC",
"trust": 0.8,
"url": "https://www.barracuda.com/products/loadbalancer?L=jp"
},
{
"title": "Barracuda Load Balancer Fixes for permission permissions and access control vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74319"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008349"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1191"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76373"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008349"
},
{
"db": "NVD",
"id": "CVE-2014-8428"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://packetstormsecurity.com/files/130027/barracuda-load-balancer-adc-key-recovery-password-reset.html"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2015/jan/76"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8428"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8428"
},
{
"trust": 0.1,
"url": "https://github.com/cmaruti/reports/raw/master/barracuda_load_balancer_vm.pdf"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8426"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76373"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008349"
},
{
"db": "PACKETSTORM",
"id": "130027"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1191"
},
{
"db": "NVD",
"id": "CVE-2014-8428"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-76373"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008349"
},
{
"db": "PACKETSTORM",
"id": "130027"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1191"
},
{
"db": "NVD",
"id": "CVE-2014-8428"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-28T00:00:00",
"db": "VULHUB",
"id": "VHN-76373"
},
{
"date": "2017-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008349"
},
{
"date": "2015-01-20T23:24:28",
"db": "PACKETSTORM",
"id": "130027"
},
{
"date": "2017-08-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1191"
},
{
"date": "2017-08-28T15:29:00.500000",
"db": "NVD",
"id": "CVE-2014-8428"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-01T00:00:00",
"db": "VULHUB",
"id": "VHN-76373"
},
{
"date": "2017-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008349"
},
{
"date": "2017-08-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1191"
},
{
"date": "2024-11-21T02:19:04.187000",
"db": "NVD",
"id": "CVE-2014-8428"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1191"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Barracuda Load Balancer Vulnerabilities related to authorization, permissions, and access control",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008349"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1191"
}
],
"trust": 0.6
}
}