CVE-2019-6724
First published: Thu Mar 21 2019(Updated: )
The barracudavpn component of the Barracuda VPN Client prior to version 5.0.2.7 for Linux, macOS, and OpenBSD runs as a privileged process and can allow an unprivileged local attacker to load a malicious library, resulting in arbitrary code executing as root.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Barracuda VPN Client | <5.0.2.7 | |
| Apple Mac OS X | ||
| Linux Linux kernel | ||
| Openbsd Openbsd |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://campus.barracuda.com/product/networkaccessclient/doc/78154147/release-notes-barracuda-vpn-client-for-macos/
- https://blog.mirch.io/2019/02/14/cve-2019-6724-barracuda-vpn-client-privilege-escalation-on-linux-and-macos/
- https://campus.barracuda.com/product/networkaccessclient/doc/78154149/release-notes-barracuda-vpn-client-for-linux/
Frequently Asked Questions
What is CVE-2019-6724?
CVE-2019-6724 is a vulnerability in the barracudavpn component of the Barracuda VPN Client prior to version 5.0.2.7 for Linux, macOS, and OpenBSD.
What is the severity of CVE-2019-6724?
The severity of CVE-2019-6724 is high with a severity score of 7.8.
How can an attacker exploit CVE-2019-6724?
An unprivileged local attacker can exploit CVE-2019-6724 by loading a malicious library, resulting in arbitrary code execution as root.
Is Apple Mac OS X affected by CVE-2019-6724?
No, Apple Mac OS X is not affected by CVE-2019-6724.
Is Linux Linux kernel affected by CVE-2019-6724?
No, Linux Linux kernel is not affected by CVE-2019-6724.
Is Openbsd Openbsd affected by CVE-2019-6724?
No, Openbsd Openbsd is not affected by CVE-2019-6724.