Barracuda Control Center 620 - Multiple Web Vulnerabilities and Fix


Title:

======

Barracuda Control Center 620 - Multiple Web Vulnerabilities

 

Product Introduction

==================

Barracuda Networks - worldwide leader in email and web security.

Control Center application by Barracuda Networks

 

(Copy of the Vendor Homepage: http://www.barracudanetworks.com/ns/products)

 

 

Impact

==========

The Vulnerability-Lab team discovered multiple web vulnerabilities in the Barracuda Control Center 620 appliance/application.

 

Status:

==========

Released

 

Affected Products

============================

 

Exploitation-Technique:

======================================

Remote

 

 

Severity:

==========

Medium

 

 

Technical Details:

==========

1.1

Multiple persistent input validation vulnerabilities were detected in Barracuda's Control Center 620. A local, low-privileged user account can inject malicious persistent script code. When exploited by an authenticated user, the identified vulnerabilities can lead to information disclosure, access to servers reachable on the intranet, and manipulated persistent content.

 

Vulnerable Module(s): (Persistent)

[+] authdblookup-input

 

1.2

Multiple non-persistent input validation vulnerabilities were detected in the Barracuda Control Center 620 appliance. Attackers can craft malicious client-side requests to hijack customer/admin sessions. Successful exploitation requires user interaction and can lead to information disclosure, session hijacking and access to servers in the intranet.

 

Vulnerable Module(s): (Non-Persistent)

[+] editdevices

[+] main

 

 

Picture(s):

../Control1.png

../Control2.png

../Control3.png

 

 

Proof of Concept:

========================

The vulnerabilities can be exploited by low-privileged user accounts, or by a remote attacker with a high level of required user interaction.

For demonstration or reproduction...

 

1.1 Persistent

https://www.2cto.com/bcc/authdblookup-input.jsp?selected-user=guest@barracuda.com&selected-node=

 

Manually reproduce...

1. Log in

2. Switch to the vulnerable authdblookup-input.jsp add form (input mask)

3. Include your own persistent script code (JavaScript or HTML) in the input and save it

4. The stored script code is executed in the main bar as stable output (persistent)

 

1.2 Non-Persistent

https://www.2cto.com/bcc/editdevices.jsp?device-type=spyware&selected-node=1&containerid=[IVE]

https://www.2cto.com/bcc/main.jsp?device-type=[IVE]

 

 

Solution:

==========

After the issues were reported in 2011, Barracuda implemented a validation mask that filters malicious and disallowed inputs.

The Barracuda firmware containing the filter has been updated multiple times since.
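The fix described above (a validation mask on the request parameters) and the two weaknesses from the Technical Details section (raw parameter values reaching the page, persistently via the authdblookup-input form and reflected via editdevices.jsp / main.jsp) can be illustrated together. The following is an added example written for this page; it is not Barracuda's code and the advisory does not document the real validation mask. Only the parameter names (selected-user, selected-node, device-type, containerid) and the main-bar output location come from the advisory; the allowlist patterns, the set of accepted device-type values, the helper names and the placeholder host are assumptions.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Assumed per-parameter allowlist. The parameter names come from the advisory's
# URLs; the accepted shapes and the device-type set are assumptions for this
# example, not Barracuda's real validation mask.
PARAM_RULES = {
    "selected-user": re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,253}"),
    "selected-node": re.compile(r"[0-9]{1,9}"),
    "device-type": re.compile(r"spyware|spam|web"),
    "containerid": re.compile(r"[0-9]{1,9}"),
}


class InvalidParameter(ValueError):
    """Raised when a request carries a parameter outside the allowlist."""


def validate_params(url):
    """Parse the query string and return a dict of validated parameters.

    Any unknown parameter, repeated parameter, or value that does not match
    its allowlist pattern in full raises InvalidParameter, so the page handler
    never sees free-form text in these fields (the validation-mask approach).
    """
    pairs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    validated = {}
    for name, values in pairs.items():
        rule = PARAM_RULES.get(name)
        if rule is None:
            raise InvalidParameter(f"unexpected parameter: {name}")
        if len(values) != 1:
            raise InvalidParameter(f"parameter repeated: {name}")
        if rule.fullmatch(values[0]) is None:
            raise InvalidParameter(f"value rejected for {name}")
        validated[name] = values[0]
    return validated


def is_request_allowed(url):
    """Boolean wrapper around validate_params for use in a request filter."""
    try:
        validate_params(url)
    except InvalidParameter:
        return False
    return True


def render_unsafe(value):
    """The vulnerable pattern: a request or stored value is echoed into the
    main-bar markup unchanged, so any markup inside it becomes part of the page."""
    return f"<div class='main-bar'>{value}</div>"


def render_safe(value):
    """Hardened output: HTML-encode at the point of output. This is applied even
    to validated values, so stored (persistent) content that passed an older,
    weaker filter is still neutralised when it is rendered."""
    return f"<div class='main-bar'>{html.escape(value, quote=True)}</div>"


if __name__ == "__main__":
    # Constructed sample requests; the host is the placeholder used in the advisory.
    good = "https://www.2cto.com/bcc/editdevices.jsp?device-type=spyware&selected-node=1&containerid=7"
    bad = "https://www.2cto.com/bcc/main.jsp?device-type=%3Cb%3Espyware"
    print(validate_params(good))
    print(is_request_allowed(bad))
    print(render_safe("<b>spyware"))
```

The two layers are deliberately independent: the allowlist rejects a request before the handler runs, while output encoding protects the page even for values that were stored before the filter existed, which is the situation the persistent finding (1.1) describes.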

 

 

Risk:

=====

1.1

The security risk of the discovered persistent vulnerabilities is estimated as medium (+) because of the low level of user interaction required.

 

1.2

The security risk of the discovered non-persistent vulnerabilities is estimated as low because of the high level of user interaction required.

 

 

Credits:

==========

Vulnerability Research Laboratory - Pim J.F. Campers (X4lt)

 
