CVE-2023-26213
CVSS V2 None
CVSS V3 None
Description
On Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui-sdwan-1089-8.3.1-174141891, an OS command injection vulnerability exists in /ajax/update_certificate - a crafted HTTP request allows an authenticated attacker to execute arbitrary commands. For example, a name field can contain :password and a password field can contain shell metacharacters.
Overview
- CVE ID
- CVE-2023-26213
- Assigner
- cve@mitre.org
- Vulnerability Status
- Analyzed
- Published Version
- 2023-03-03T22:15:09
- Last Modified Date
- 2023-03-10T14:53:13
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| AND | ||||
| cpe:2.3:o:barracuda:t100b_firmware:8.3.1:-:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:barracuda:t100b:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:barracuda:t200c_firmware:8.3.1:-:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:barracuda:t200c:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:barracuda:t400c_firmware:8.3.1:-:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:barracuda:t400c:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:barracuda:t600d_firmware:8.3.1:-:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:barracuda:t600d:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:barracuda:t900b_firmware:8.3.1:-:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:barracuda:t900b:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:barracuda:t93a_firmware:8.3.1:-:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:barracuda:t93a:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:barracuda:t193a_firmware:8.3.1:-:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:barracuda:t193a:-:*:*:*:*:*:*:* | 0 | OR |
References
| Reference URL | Reference Tags |
|---|---|
| http://seclists.org/fulldisclosure/2023/Mar/2 | Exploit Mailing List Third Party Advisory |
| https://campus.barracuda.com/product/cloudgenwan/doc/96024723/release-notes-8-3-1/ | Release Notes |
| https://sec-consult.com/vulnerability-lab/advisory/os-command-injection-in-barracuda-cloudgen-wan/ | Exploit Third Party Advisory |
| https://www.barracuda.com/products/network-security/cloudgen-wan | Product |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-26213 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26213 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2023-04-17 05:55:30 | Added to TrackCVE | |||
| 2023-04-17 05:55:32 | Weakness Enumeration | new |