Vulnerability Details : CVE-2023-26213
On Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui-sdwan-1089-8.3.1-174141891, an OS command injection vulnerability exists in /ajax/update_certificate - a crafted HTTP request allows an authenticated attacker to execute arbitrary commands. For example, a name field can contain :password and a password field can contain shell metacharacters.
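The description above is the textbook CWE-78 shape: two request fields reach a shell command line, and a password that contains shell metacharacters is parsed as additional commands. The following is an added illustration, not Barracuda's code and not taken from the advisory; the command shape (a certificate name and a password interpolated into an import command) and the names `import_cert_vulnerable`, `import_cert_hardened` and `is_safe_name` are assumptions for the example, and the real import tool is replaced by a stand-in that prints each argv element it receives on its own line, so the effect of the shell's parsing is visible.

```python
# Added illustration of the CWE-78 pattern behind CVE-2023-26213. This is not
# Barracuda's code; the command shape (a name and a password interpolated into a
# certificate-import command line) is assumed for the example, and the real
# import tool is replaced by a stand-in that echoes its argv one per line.
import re
import shlex
import subprocess
import sys

# Stand-in for the certificate-import tool: prints each argument it receives on
# its own line, so the reader can see exactly how the shell split the input.
ECHO_ARGV = [sys.executable, "-c", "import sys; print('\\n'.join(sys.argv[1:]))"]

# Allow-list for the certificate name: the value ends up on a command line and
# in a path, so only a conservative character set is accepted.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.-]{0,63}$")


def is_safe_name(name: str) -> bool:
    """True when the name matches the allow-list (rejects e.g. ':password')."""
    return SAFE_NAME.fullmatch(name) is not None


def import_cert_vulnerable(name: str, password: str) -> str:
    """Vulnerable pattern: request fields are concatenated into one shell string
    and run through /bin/sh, so metacharacters in `password` become extra
    commands. Returns everything the shell wrote to stdout."""
    cmd = shlex.join(ECHO_ARGV) + f" name={name} pass:{password}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def import_cert_hardened(name: str, password: str) -> str:
    """Hardened form: validate the name, then pass each field as its own argv
    element with no shell involved. The password reaches the child unchanged and
    is never parsed as a command."""
    if not is_safe_name(name):
        raise ValueError(f"rejected certificate name: {name!r}")
    argv = ECHO_ARGV + [f"name={name}", f"pass:{password}"]
    return subprocess.run(argv, capture_output=True, text=True).stdout


if __name__ == "__main__":
    # Constructed payload: a password carrying a shell metacharacter.
    payload = "x; echo INJECTED"
    print("vulnerable:", import_cert_vulnerable("cert", payload).splitlines())
    print("hardened:  ", import_cert_hardened("cert", payload).splitlines())
```

With the constructed password `x; echo INJECTED`, the vulnerable path runs the stand-in with only `pass:x` and then executes `echo INJECTED` as a second command; the hardened path delivers the whole string as one argument. When the real child is `openssl`, prefer `-passin fd:N` or `-passin stdin` over `pass:` so the secret also stays out of the process list.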
Products affected by CVE-2023-26213
- cpe:2.3:o:barracuda:t100b_firmware:8.3.1:-:*:*:*:*:*:*
- cpe:2.3:o:barracuda:t200c_firmware:8.3.1:-:*:*:*:*:*:*
- cpe:2.3:o:barracuda:t400c_firmware:8.3.1:-:*:*:*:*:*:*
- cpe:2.3:o:barracuda:t600d_firmware:8.3.1:-:*:*:*:*:*:*
- cpe:2.3:o:barracuda:t900b_firmware:8.3.1:-:*:*:*:*:*:*
- cpe:2.3:o:barracuda:t93a_firmware:8.3.1:-:*:*:*:*:*:*
- cpe:2.3:o:barracuda:t193a_firmware:8.3.1:-:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-26213
- EPSS score: 0.82% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~82% (the proportion of vulnerabilities scored at or below this one)
CVSS scores for CVE-2023-26213
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 | NIST | 
CWE ids for CVE-2023-26213
- The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-26213
- https://www.barracuda.com/products/network-security/cloudgen-wan
  Barracuda CloudGen WAN | Barracuda Networks (Product)
- https://campus.barracuda.com/product/cloudgenwan/doc/96024723/release-notes-8-3-1/
  Release Notes 8.3.1 | Barracuda Campus (Release Notes)
- http://seclists.org/fulldisclosure/2023/Mar/2
  Full Disclosure: SEC Consult SA-20230228-0 :: OS Command Injection in Barracuda CloudGen WAN (Exploit; Mailing List; Third Party Advisory)
- https://sec-consult.com/vulnerability-lab/advisory/os-command-injection-in-barracuda-cloudgen-wan/
  OS Command Injection in Barracuda CloudGen WAN (Exploit; Third Party Advisory)