8.7 · CWE-522

CVE-2019-5648: LDAP Credential Exposure in Barracuda Load Balancer ADC

First published: Thu Mar 12 2020

Authenticated, administrative access to a Barracuda Load Balancer ADC running unpatched firmware <= v6.4 allows one to edit the LDAP service configuration of the balancer and change the LDAP server to an attacker-controlled system, without having to re-enter LDAP credentials. These steps can be used by any authenticated administrative user to expose the LDAP credentials configured in the LDAP connector over the network.
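The design flaw the advisory describes, reduced to code as an added example (this is not Barracuda's code; the class, field and sample values are assumptions): the vulnerable connector keeps the bind password independent of the server it was entered for, so editing only the server field redirects the stored secret, while the hardened connector keys the secret to the server, forces re-entry whenever the target changes, and records the change for auditing.

```python
class CredentialReentryRequired(Exception):
    """Raised when the bind target changes and no fresh password was supplied."""

class LdapConnectorVulnerable:
    """Hypothetical model of the unpatched behaviour: the bind password is stored
    independently of the server, so a server edit alone redirects the secret."""
    def __init__(self, server, bind_dn, bind_password):
        self.server, self.bind_dn, self._password = server, bind_dn, bind_password

    def set_server(self, server):
        self.server = server  # the stored secret silently follows the new target

    def bind_request(self):
        # (host, DN, secret) the device would transmit on the next bind
        return self.server, self.bind_dn, self._password

class LdapConnectorHardened:
    """Keys the secret by (server, bind_dn): a new server has no secret until the
    admin re-enters it, and every target change is recorded for auditing."""
    def __init__(self, server, bind_dn, bind_password):
        self.server, self.bind_dn = server, bind_dn
        self._secrets = {(server, bind_dn): bind_password}
        self.audit = []

    def set_server(self, server, bind_password=None):
        if server != self.server:
            if bind_password is None:
                raise CredentialReentryRequired(
                    f"LDAP server changed to {server}: re-enter bind credentials")
            self._secrets.pop((self.server, self.bind_dn), None)  # forget old secret
            self._secrets[(server, self.bind_dn)] = bind_password
            self.audit.append(f"ldap_server_changed old={self.server} new={server}")
        self.server = server

    def bind_request(self):
        secret = self._secrets.get((self.server, self.bind_dn))
        if secret is None:
            raise CredentialReentryRequired("no credential stored for current server")
        return self.server, self.bind_dn, secret

def demo():
    # Constructed sample values, not real config; returns (host that got the secret, blocked?)
    v = LdapConnectorVulnerable("ldap.corp.example", "cn=svc,dc=example", "s3cret")
    v.set_server("ldap.other.example")
    h = LdapConnectorHardened("ldap.corp.example", "cn=svc,dc=example", "s3cret")
    try:
        h.set_server("ldap.other.example")
        blocked = False
    except CredentialReentryRequired:
        blocked = True
    return v.bind_request()[0], blocked
```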

Credit: cve@rapid7.com

Affected Software                       Affected Version   How to fix
Barracuda Load Balancer ADC Firmware    <= 6.4
Barracuda Load Balancer ADC

Remedy

Administrators should ensure that their Barracuda Load Balancer ADC is on either a 6.3.x or 6.4.x version so that the patch can be applied through Barracuda's automated security patching system. Ensure that you have not intentionally disabled the security update system. Administrators should update their Barracuda Load Balancer ADC devices to the latest firmware versions as they become available. Version 6.5 will ship with the patch for CVE-2019-5648.


Frequently Asked Questions

  • What is CVE-2019-5648?

    CVE-2019-5648 is a vulnerability that allows an authenticated administrator of a Barracuda Load Balancer ADC running unpatched firmware <= v6.4 to edit the LDAP service configuration and change the LDAP server to an attacker-controlled system without re-entering the LDAP credentials.

  • How severe is the vulnerability CVE-2019-5648?

    The severity of CVE-2019-5648 is high, with a severity value of 6.5.

  • What software is affected by CVE-2019-5648?

    The Barracuda Load Balancer ADC running unpatched firmware <= v6.4 is affected by CVE-2019-5648.

  • How can I fix CVE-2019-5648?

    To fix CVE-2019-5648, it is recommended to update the firmware of the Barracuda Load Balancer ADC to a version higher than 6.4.

  • Where can I find more information about CVE-2019-5648?

    You can find more information about CVE-2019-5648 at the following link: https://blog.rapid7.com/2020/03/05/r7-2019-39-cve-2019-5648-ldap-credential-exposure-in-barracuda-load-balancer-adc-fixed/

© 2024 SecAlerts Pty Ltd.