CVE-2023-26213: OS Command Injection
First published: Fri Mar 03 2023(Updated: )
On Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui-sdwan-1089-8.3.1-174141891, an OS command injection vulnerability exists in /ajax/update_certificate - a crafted HTTP request allows an authenticated attacker to execute arbitrary commands. For example, a name field can contain :password and a password field can contain shell metacharacters.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Barracuda T100b Firmware | =8.3.1 | |
| Barracuda T100b | ||
| Barracuda T200c Firmware | =8.3.1 | |
| Barracuda T200c | ||
| Barracuda T400c Firmware | =8.3.1 | |
| Barracuda T400c | ||
| Barracuda T600d Firmware | =8.3.1 | |
| Barracuda T600d | ||
| Barracuda T900b Firmware | =8.3.1 | |
| Barracuda T900b | ||
| Barracuda T93a Firmware | =8.3.1 | |
| Barracuda T93a | ||
| Barracuda T193a Firmware | =8.3.1 | |
| Barracuda T193a |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2023-26213.
What is the severity of CVE-2023-26213?
The severity of CVE-2023-26213 is high with a severity value of 7.2.
How does CVE-2023-26213 affect Barracuda CloudGen WAN Private Edge Gateway devices?
CVE-2023-26213 allows an authenticated attacker to execute arbitrary commands on Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui-sdwan-1089-8.3.1-174141891.
How can I fix CVE-2023-26213?
To fix CVE-2023-26213, update the affected Barracuda CloudGen WAN Private Edge Gateway devices to version 8 webui-sdwan-1089-8.3.1-174141891 or later.
Where can I find more information about CVE-2023-26213?
You can find more information about CVE-2023-26213 at the following references: [link1](http://seclists.org/fulldisclosure/2023/Mar/2), [link2](https://campus.barracuda.com/product/cloudgenwan/doc/96024723/release-notes-8-3-1/), [link3](https://sec-consult.com/vulnerability-lab/advisory/os-command-injection-in-barracuda-cloudgen-wan/).
- collector/nvd-index
- agent/references
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/severity
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/barracuda
- canonical/barracuda t100b firmware
- version/barracuda t100b firmware/8.3.1
- canonical/barracuda t100b
- canonical/barracuda t200c firmware
- version/barracuda t200c firmware/8.3.1
- canonical/barracuda t200c
- canonical/barracuda t400c firmware
- version/barracuda t400c firmware/8.3.1
- canonical/barracuda t400c
- canonical/barracuda t600d firmware
- version/barracuda t600d firmware/8.3.1
- canonical/barracuda t600d
- canonical/barracuda t900b firmware
- version/barracuda t900b firmware/8.3.1
- canonical/barracuda t900b
- canonical/barracuda t93a firmware
- version/barracuda t93a firmware/8.3.1
- canonical/barracuda t93a
- canonical/barracuda t193a firmware
- version/barracuda t193a firmware/8.3.1
- canonical/barracuda t193a