It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Campus Help Center / Reference

BNSEC-01088 unauthenticated, remotely exploitable, arbitrary command execution vulnerability in multiple products

  • Type: Knowledgebase
  • Date changed: 2 years ago

Solution #00006481

Scope:

Fixed in Web Application Firewall 7.8.0.010
Fixed in Web Application Firewall 7.7.0.026
Fixed in Message Archiver 3.2.0.026
Fixed in Message Archiver 3.5.0.008
Fixed in Load Balancer 4.2.2.007
Fixed in Load Balancer 4.2.0.019
Fixed in Load Balancer 4.1.0.035
Fixed in Load Balancer 3.6.1.011
Fixed in Barracuda ADC 5.0.0.007
Fixed in Barracuda ADC 5.0.1
Fixed in Spam Firewall 6.0.0.028
Fixed in Spam Firewall 5.1.3.005
Fixed in Spam Firewall 4.1.1.021
Fixed in Spam Firewall 3.5.12.025
Fixed in Spam Firewall 5.0.0.025
Fixed in Web Filter BNSF 7.0.0.015
Fixed in Web Filter 6.0.1.012
Fixed in Web Filter 6.0.1.009
Fixed in Link Balancer 2.4.2.008
Fixed in Barracuda Firewall 6.1.1.001
Fixed in Barracuda Firewall 6.1.0.0.016

Severity: High

Description:

Secdef 2.0.20131015 contains fixes for an unauthenticated remote command execution vulnerability fixed in the products and versions listed above. Successful exploitation of the vulnerability requires that the attacker have network access to the management interface of the affected product.

To ensure maximum protection Barracuda Networks recommends that all customers upgrade to the latest generally available firmware and enable all definition updates.

Credits:

Link to this page:

https://campus.barracuda.com/solution/501600000013a0zAAA