Title:
======
Barracuda Control Center 620-Multiple Web Vulnerabilities
Program Introduction
==================
Barracuda Networks-Worldwide leader in email and Web security.
Control Center Application of Barracuda Networks
(Copy of the Vendor Homepage: http://www.barracudanetworks.com/ns/products)
Impact
==========
Vulnerability-lab Team discovered multiple Web Vulnerabilities on Barracuda Control Center 620 appliance/application.
Status:
==========
Released
Affected Products
============================
Exploitation-Technique:
======================================
Remote
Severity:
==========
Medium
Technical diary:
==========
1.1
Multiple persistent Input Validation vulnerabilities are detected on Barracudas Control Center 620. Local low privileged user account can
Implement/inject malicious persistent script code. When exploited by an authenticated user, the identified vulnerabilities
Can lead to information disclosure, access to intranet available servers, manipulated persistent content.
Vulnerable Module (s): (Persistent)
[+] Authdblookup-input
1.2
Multiple non-persistent Input Validation vulnerabilities are detected on Barracudas Control Center 620 appliance.
Attackers can form malicious client-side requests to hijack customer/admin sessions.
Successful exploitation requires user inter action & can lead to information disclosure, session
Hijacking and access to servers in the intranet.
Vulnerable Module (s): (Non-Persistent)
[+] Editdevices
[+] Main
Picture (s ):
../Control1.png
../Control2.png
../Control3.png
Proof of Concept:
========================
The vulnerabilities can be exploited by low privileged user accounts or remote attacker via high required user inter action.
For demonstration or reproduce...
1.1 Persistent
Https://www.2cto.com/bcc/authdblookup-input.jsp? Selected-user = guest@barracuda.com & selected-node =
Manually reproduce...
1. Login
2. Switch to the vulnerable authdblookup-input.jsp add mask
3. Include your own malicious persistent script code (java-script or html) & save the input
4. The stored script code will be executed in main-bar as stable output result (persistent)
1.2 Non-Persistent
? Https://www.2cto.com/bcc/editdevices. jsp? Device-type = spyware & selected-node = 1 & containerid = [IVE]
? Https://www.2cto.com/bcc/main. jsp? Device-type = [IVE]
Solution:
==========
Barracuda implemented after the issues 2011 a validation mask to filter malicious & disallowed inputs.
The barracuda firmware of the filter has been update multiple times.
Risk:
=====
1.1
The security risk of the discovered persistent vulnerabilities are estimated as medium (+) because of low required user inter action.
1.2
The security risk of the discovered non-persistent vulnerabilities are estimated as low because of high required user inter action.
Credits:
==========
Vulnerability Research Laboratory-Pim J.F. Campers (X4lt)