ID

VAR-201707-0891


CVE

CVE-2017-6320


TITLE

OS command injection vulnerability in Barracuda Load Balancer products

Trust: 0.8

sources: JVNDB: JVNDB-2017-006970

DESCRIPTION

A remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in which an authenticated user can execute arbitrary shell commands and gain root privileges. The vulnerability stems from unsanitized data being processed in a system call when the delete_assessment command is issued. Barracuda Networks Load Balancer is an application delivery controller from Barracuda Networks. The controller provides protection against intrusion and attack events, while optimizing application load and providing strong performance support.

Trust: 1.71

sources: NVD: CVE-2017-6320 // JVNDB: JVNDB-2017-006970 // VULHUB: VHN-114523

AFFECTED PRODUCTS

vendor: barracuda, model: load balancer adc, scope: lte, version: 6.0.1.006

Trust: 1.0

vendor: barracuda, model: load balancer adc, scope: -, version: -

Trust: 0.8

vendor: barracuda, model: load balancer adc, scope: eq, version: 6.0.1.006

Trust: 0.6

sources: JVNDB: JVNDB-2017-006970 // CNNVD: CNNVD-201702-876 // NVD: CVE-2017-6320

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6320
value: HIGH

Trust: 1.0

NVD: CVE-2017-6320
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201702-876
value: HIGH

Trust: 0.6

VULHUB: VHN-114523
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-6320
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114523
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6320
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2017-6320
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-114523 // JVNDB: JVNDB-2017-006970 // CNNVD: CNNVD-201702-876 // NVD: CVE-2017-6320

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.9

sources: VULHUB: VHN-114523 // JVNDB: JVNDB-2017-006970 // NVD: CVE-2017-6320

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-876

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-201702-876

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-006970

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-114523

PATCH

title: Release Notes Version 6.1.0.003, url: https://campus.barracuda.com/product/loadbalanceradc/article/ADC/ReleaseNotes610003/

Trust: 0.8

sources: JVNDB: JVNDB-2017-006970

EXTERNAL IDS

db: NVD, id: CVE-2017-6320

Trust: 2.5

db: EXPLOIT-DB, id: 42333

Trust: 1.7

db: JVNDB, id: JVNDB-2017-006970

Trust: 0.8

db: CNNVD, id: CNNVD-201702-876

Trust: 0.7

db: PACKETSTORM, id: 143399

Trust: 0.1

db: VULHUB, id: VHN-114523

Trust: 0.1

sources: VULHUB: VHN-114523 // JVNDB: JVNDB-2017-006970 // CNNVD: CNNVD-201702-876 // NVD: CVE-2017-6320

REFERENCES

url:https://www.exploit-db.com/exploits/42333/

Trust: 1.7

url:https://campus.barracuda.com/product/loadbalanceradc/article/adc/releasenotes610003/

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6320

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-6320

Trust: 0.8

sources: VULHUB: VHN-114523 // JVNDB: JVNDB-2017-006970 // CNNVD: CNNVD-201702-876 // NVD: CVE-2017-6320

SOURCES

db: VULHUB, id: VHN-114523
db: JVNDB, id: JVNDB-2017-006970
db: CNNVD, id: CNNVD-201702-876
db: NVD, id: CVE-2017-6320

LAST UPDATE DATE

2024-11-23T23:02:23.178000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-114523, date: 2020-07-01T00:00:00
db: JVNDB, id: JVNDB-2017-006970, date: 2017-09-07T00:00:00
db: CNNVD, id: CNNVD-201702-876, date: 2020-07-02T00:00:00
db: NVD, id: CVE-2017-6320, date: 2024-11-21T03:29:33.597

SOURCES RELEASE DATE

db: VULHUB, id: VHN-114523, date: 2017-07-18T00:00:00
db: JVNDB, id: JVNDB-2017-006970, date: 2017-09-07T00:00:00
db: CNNVD, id: CNNVD-201702-876, date: 2017-02-27T00:00:00
db: NVD, id: CVE-2017-6320, date: 2017-07-18T14:29:00.293