
Barracuda Control Center 620: Multiple Vulnerabilities and Fixes (Website Security)

Source: 自学PHP网    Date: 2015-04-17 13:03

 

Title:

======

Barracuda Control Center 620 - Multiple Web Vulnerabilities

 

Introduction

=============

Barracuda Networks - Worldwide leader in email and Web security.

Control Center Application of Barracuda Networks

 

(Copy of the Vendor Homepage: http://www.barracudanetworks.com/ns/products/)

 

 

Abstract

=========

The Vulnerability-Lab team discovered multiple web vulnerabilities in the Barracuda Control Center 620 appliance/application.

 

Status:

========

Published

 

Affected Products

==================

 

Exploitation-Technique:

=======================

Remote

 

 

Severity:

=========

Medium

 

 

Technical Details:

========

1.1

Multiple persistent input validation vulnerabilities were detected in Barracuda's Control Center 620. A local, low-privileged user account can

inject malicious persistent script code. When the stored code is executed in the session of an authenticated user, the identified vulnerabilities

can lead to information disclosure, access to servers reachable on the intranet, and manipulated persistent content.

 

Vulnerable Module(s): (Persistent)

                                        [+] authdblookup-input

 

1.2

Multiple non-persistent input validation vulnerabilities were detected in the Barracuda Control Center 620 appliance.

Attackers can craft malicious client-side requests to hijack customer/admin sessions.

Successful exploitation requires user interaction and can lead to information disclosure, session

hijacking, and access to servers in the intranet.

 

Vulnerable Module(s): (Non-Persistent)

                                        [+] editdevices

                                        [+] main

 

 

Picture(s):

                                        ../control1.png

                                        ../control2.png

                                        ../control3.png

 

 

Proof of Concept:

=================

The vulnerabilities can be exploited by low-privileged user accounts (persistent) or by a remote attacker with a high degree of required user interaction (non-persistent).

For demonstration or to reproduce ...

 

1.1 Persistent

https://www.2cto.com/bcc/authdblookup-input.jsp?selected-user=guest@barracuda.com&selected-node=

 

Manually reproduce ...

1. Log in with a low-privileged account.

2. Switch to the vulnerable authdblookup-input.jsp "add" input mask.

3. Enter your own malicious persistent script code (JavaScript or HTML) in the input field and save it.

4. The stored script code is executed in the main bar as a stable output result (persistent).

 

1.2  Non-Persistent

https://www.2cto.com/bcc/editdevices.jsp?device-type=spyware&selected-node=1&containerid=[IVE]

https://www.2cto.com/bcc/main.jsp?device-type=[IVE]
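To check whether the two reflected parameters above (containerid in editdevices.jsp, device-type in main.jsp) still hand input back verbatim, here is an added Python checker. It is example code written for this page, not part of the Vulnerability-Lab advisory or of the Barracuda product. It assumes a placeholder host (target.example), because the republished PoC URLs carry a substituted hostname, and the response bodies it classifies are constructed samples rather than captures from an appliance. It generalizes the advisory's single [IVE] marker into a canary probe whose possible fates (reflected raw, HTML-encoded, altered by a filter, or not reflected) it tells apart.

```python
import html
import urllib.parse

# Assumed placeholder host: the page's copy of the PoC URLs carries a substituted
# hostname, so the appliance address is treated as unknown here.
TARGET = "https://target.example/bcc"

# Injection points from the advisory: page -> (fixed query values, parameters
# marked [IVE] in the PoC URLs).
POC = {
    "editdevices.jsp": ({"device-type": "spyware", "selected-node": "1"}, ["containerid"]),
    "main.jsp": ({}, ["device-type"]),
}

CANARY = "zq9k2x"            # rare token that is easy to grep for in a response
PROBE = f'"><{CANARY}>'      # closes an attribute value and opens a new tag


def build_probe_urls(target=TARGET, probe=PROBE):
    """One (page, parameter, url) per injection point, with the probe in that parameter only."""
    urls = []
    for page, (fixed, injectable) in POC.items():
        for name in injectable:
            query = dict(fixed)
            query[name] = probe
            urls.append((page, name, f"{target}/{page}?{urllib.parse.urlencode(query)}"))
    return urls


def classify(body, probe=PROBE, canary=CANARY):
    """Say what happened to the probe in a response body.

    Only named-entity encoding (&quot; &lt; &gt;) is recognised as 'encoded';
    numeric character references or a rewriting filter land in
    'reflected_altered' and need a manual look.
    """
    if probe in body:
        return "reflected_unencoded"      # probe reached the page verbatim: XSS
    if html.escape(probe, quote=True) in body:
        return "reflected_encoded"        # output-encoded, inert as HTML
    if canary in body:
        return "reflected_altered"        # something rewrote the probe
    return "not_reflected"                # rejected, or not echoed at all


def reflection_context(body, probe=PROBE, width=40):
    """Markup around the first verbatim reflection, to see which HTML context it lands in."""
    i = body.find(probe)
    if i < 0:
        return None
    return body[max(0, i - width): i + len(probe) + width]


# Constructed response bodies for three outcomes; not captured from an appliance.
SAMPLE_VULNERABLE = f'<input name="device-type" value="{PROBE}">'
SAMPLE_ENCODED = f'<input name="device-type" value="{html.escape(PROBE, quote=True)}">'
SAMPLE_REJECTED = "<p>Invalid device type.</p>"


if __name__ == "__main__":
    for page, name, url in build_probe_urls():
        print(f"{page} [{name}]: {url}")
    for label, body in [("vulnerable", SAMPLE_VULNERABLE), ("encoded", SAMPLE_ENCODED),
                        ("rejected", SAMPLE_REJECTED)]:
        print(f"{label}: {classify(body)}")
    print(reflection_context(SAMPLE_VULNERABLE))
```

In practice you would fetch each URL from build_probe_urls() with the appliance's session cookie and pass the body to classify(); a "reflected_unencoded" result together with reflection_context() tells you whether the probe landed inside an attribute, a text node, or a script block, which decides which payload shape would actually execute.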

 

 

Solution:

=========

After the issues were reported in 2011, Barracuda implemented a validation mask to filter malicious and disallowed inputs.

The Barracuda firmware containing the filter has been updated multiple times. Note that input filtering reduces exposure but does not replace context-aware output encoding in the affected JSP pages.

 

 

Risk:

=====

1.1

The security risk of the discovered persistent vulnerabilities is estimated as medium(+) because of the low degree of required user interaction.

 

1.2

The security risk of the discovered non-persistent vulnerabilities is estimated as low because of the high degree of required user interaction.

 

 

Credits:

========

Vulnerability Research Laboratory - Pim J.F. Campers (X4lt)

 
