Home / exploitsPDF  

Barracuda CloudGen WAN OS Command Injection

Posted on 03 March 2023

Barracuda CloudGen WAN provides a private edge appliance for hybrid deployments. An authenticated user in the administration interface for the private edge virtual appliance can inject arbitrary OS commands via the /ajax/update_certificate endpoint. Versions prior to v8.* hotfix 1089 are affected.

 

TOP