ID
VAR-190001-0336
TITLE
Barracuda Control Center HTML Injection Vulnerability
Trust: 0.6
DESCRIPTION
The Barracuda Control Center is a control center application for Barracuda products. The Barracudas Control Center 620 has multiple persistent input validation vulnerabilities, and local non-privileged user accounts can implement/inject malicious persistent script code. When the user is authenticated, it can lead to information leakage, access to internal servers, and content. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible
Trust: 1.35
IOT TAXONOMY
category: | ['Network device'] | sub_category: | - | Trust: 1.2 |
AFFECTED PRODUCTS
vendor: | barracuda | model: | networks barracuda control center | scope: | eq | version: | 620 | Trust: 1.5 |
THREAT TYPE
remote
Trust: 0.6
TYPE
input validation
Trust: 0.6
PATCH
title: | Barracuda Control Center HTML Injection Vulnerability Patch | url: | https://www.cnvd.org.cn/patchinfo/show/6436 | Trust: 0.6 |
title: | Patch for Barracuda Control Center Cross-Site Scripting Vulnerability | url: | https://www.cnvd.org.cn/patchinfo/show/6438 | Trust: 0.6 |
EXTERNAL IDS
db: | BID | id: | 51156 | Trust: 2.1 |
db: | CNVD | id: | CNVD-2011-5417 | Trust: 0.6 |
db: | CNVD | id: | CNVD-2011-5416 | Trust: 0.6 |
db: | CNNVD | id: | CNNVD-201112-411 | Trust: 0.6 |
REFERENCES
url: | http://www.securityfocus.com/bid/51156 | Trust: 1.8 |
url: | http://www.vulnerability-lab.com/get_content.php?id=32 | Trust: 0.3 |
url: | http://www.barracudanetworks.com/ns/?l=en_ca | Trust: 0.3 |
CREDITS
Vulnerability-Lab
Trust: 0.9
SOURCES
db: | CNVD | id: | CNVD-2011-5417 |
db: | CNVD | id: | CNVD-2011-5416 |
db: | BID | id: | 51156 |
db: | CNNVD | id: | CNNVD-201112-411 |
LAST UPDATE DATE
2022-05-17T01:50:42.387000+00:00
SOURCES UPDATE DATE
db: | CNVD | id: | CNVD-2011-5417 | date: | 2011-12-23T00:00:00 |
db: | CNVD | id: | CNVD-2011-5416 | date: | 2011-12-23T00:00:00 |
db: | BID | id: | 51156 | date: | 2011-12-21T00:00:00 |
db: | CNNVD | id: | CNNVD-201112-411 | date: | 2011-12-23T00:00:00 |
SOURCES RELEASE DATE
db: | CNVD | id: | CNVD-2011-5417 | date: | 2011-12-23T00:00:00 |
db: | CNVD | id: | CNVD-2011-5416 | date: | 2011-12-23T00:00:00 |
db: | BID | id: | 51156 | date: | 2011-12-21T00:00:00 |
db: | CNNVD | id: | CNNVD-201112-411 | date: | 1900-01-01T00:00:00 |