Shodan
Vulnerabilities
Vulnerable Software
Barracuda:  Security Vulnerabilities
CVE-2014-2595
Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.
CVSS Score
9.8
EPSS Score
0.575
Published
2020-02-12
CVE-2019-6724
The barracudavpn component of the Barracuda VPN Client prior to version 5.0.2.7 for Linux, macOS, and OpenBSD runs as a privileged process and can allow an unprivileged local attacker to load a malicious library, resulting in arbitrary code executing as root.
CVSS Score
7.8
EPSS Score
0.001
Published
2019-03-21
CVE-2018-20369
Barracuda Message Archiver 2018 has XSS in the error_msg exception-handling value for the ldap_user parameter to the cgi-mod/ldap_load_entry.cgi module. The injection point of the issue is the Add_Update module.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-12-23
CVE-2014-8426
Hard coded weak credentials in Barracuda Load Balancer 5.0.0.015.
CVSS Score
9.8
EPSS Score
0.008
Published
2017-08-28
CVE-2014-8428
Privilege escalation vulnerability in Barracuda Load Balancer 5.0.0.015 via the use of an improperly protected SSH key.
CVSS Score
9.8
EPSS Score
0.009
Published
2017-08-28
CVE-2017-6320
A remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in which an authenticated user can execute arbitrary shell commands and gain root privileges. The vulnerability stems from unsanitized data being processed in a system call when the delete_assessment command is issued.
CVSS Score
8.8
EPSS Score
0.286
Published
2017-07-18
CVE-2015-0962
Barracuda Web Filter 7.x and 8.x before 8.1.0.005, when SSL Inspection is enabled, uses the same root Certification Authority certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship.
CVSS Score
4.3
EPSS Score
0.006
Published
2015-05-25
CVE-2015-0961
Barracuda Web Filter before 8.1.0.005, when SSL Inspection is enabled, does not verify X.509 certificates from upstream SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVSS Score
4.3
EPSS Score
0.005
Published
2015-05-25


Products
Pricing
Contact Us

Shodan ® - All rights reserved