We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Reference / FAQ

BNSEC-00735 authenticated, SQL injection vulnerability in the Barracuda Phone System

  • Type: Knowledgebase
  • Date changed: 5 months ago

Solution #00006579

Scope:

Fixed in Barracuda Phone System firmware 2.6.003

Severity: High

Description:

The firmware update listed above fixed a blind SQL Injection vulnerability found in the Barracuda Phone System UI. Successful exploitation of this vulnerability could result in an information disclosure.

To ensure maximum protection Barracuda Networks recommends that all customers upgrade to the latest generally available firmware and enable all definition updates.

Credits:

Mateusz Goik

Link to this page:

https://campus.barracuda.com/solution/501600000013kNtAAI



*** Note that the Barracuda Phone System was formerly known as the Cudatel Communication Server