Details of VAR-201402-0489

ID

VAR-201402-0489

TITLE

Barracuda Load Balancer '/cgi-mod/index.cgi' arbitrary command execution vulnerability

Trust: 0.9

sources: CNVD: CNVD-2014-01040 // BID: 65508

DESCRIPTION

Barracuda Networks Load Balancer is an application delivery controller from Barracuda Networks. The controller provides protection against intrusion and attack events, while optimizing application load and providing strong performance support. A remote command injection vulnerability exists in Barracuda Load Balancer. An attacker could use this vulnerability to execute arbitrary commands in the context of an affected application. There are vulnerabilities in Barracuda Load Balancer 340 version 4.2.2.007, other versions may also be affected

Trust: 1.35

sources: CNVD: CNVD-2014-01040 // CNNVD: CNNVD-201402-160 // BID: 65508

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-01040

AFFECTED PRODUCTS

vendor:	barracuda	model:	load balancer barracuda networks	scope:	eq	version:	3404.2.2.007	Trust: 0.6
vendor:	barracuda	model:	load balancer	scope:	eq	version:	3404.2.2.007	Trust: 0.3

sources: CNVD: CNVD-2014-01040 // BID: 65508

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2014-01040
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2014-01040
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2014-01040

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201402-160

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201402-160

PATCH

title:

Barracuda Load Balancer '/cgi-mod/index.cgi' patch for any command execution vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/43703

Trust: 0.6

sources: CNVD: CNVD-2014-01040

EXTERNAL IDS

db:	BID	id:	65508	Trust: 1.5
db:	CNVD	id:	CNVD-2014-01040	Trust: 0.6
db:	CNNVD	id:	CNNVD-201402-160	Trust: 0.6

sources: CNVD: CNVD-2014-01040 // BID: 65508 // CNNVD: CNNVD-201402-160

REFERENCES

url:	http://www.securityfocus.com/bid/65508	Trust: 1.2
url:	http://www.barracudanetworks.com/ns/products/balancer_overview.php	Trust: 0.3
url:	http://seclists.org/fulldisclosure/2014/feb/105	Trust: 0.3

sources: CNVD: CNVD-2014-01040 // BID: 65508 // CNNVD: CNNVD-201402-160

CREDITS

Brandon Perry

Trust: 0.9

sources: BID: 65508 // CNNVD: CNNVD-201402-160

SOURCES

db:	CNVD	id:	CNVD-2014-01040
db:	BID	id:	65508
db:	CNNVD	id:	CNNVD-201402-160

LAST UPDATE DATE

2022-05-17T01:36:56.707000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-01040	date:	2014-02-19T00:00:00
db:	BID	id:	65508	date:	2014-02-11T00:00:00
db:	CNNVD	id:	CNNVD-201402-160	date:	2014-02-17T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-01040	date:	2014-02-14T00:00:00
db:	BID	id:	65508	date:	2014-02-11T00:00:00
db:	CNNVD	id:	CNNVD-201402-160	date:	2014-02-17T00:00:00