
High-Severity OWASSRF exploit in MS Exchange Servers (CVE-2022-41080 and CVE-2022-41082)

CVE: CVE-2022-41080 | CVSS: 9.8 | Severity: Critical

Description: The CVE-2022-41080 vulnerability was discovered in MS Exchange servers 2013, 2016, and 2019. While the ProxyNotShell exploit chain used the CVE-2022-41040 (SSRF) vulnerability in the Autodiscover endpoint of MS Exchange, the newfound OWASSRF exploit chain uses CVE-2022-41080 to achieve privilege escalation via MS Exchange Servers.

Barracuda Networks: Barracuda Web Application Firewall, Barracuda Web Application Firewall as a Service (WAFaaS), and Barracuda Load Balancer ADC are not vulnerable to the said CVE.

Fix Update:

The fix will be pushed via attackdef for Barracuda Web Application Firewall and Barracuda Load Balancer ADC. 

Barracuda WAF-as-a-service accounts will receive the updated definition automatically.

It is advised to watch out for false positives from this pattern and to contact Barracuda Networks Technical Support as required.