Barracuda Spam Firewall Default Credentials

Nessus Plugin ID 22130 (Severity: High)

Synopsis

A web management console is protected using default credentials.

Description

The firmware version of the Barracuda Spam Firewall detected on the remote device contains a hard-coded password for the 'guest' user account.

Additionally, the same firmware reportedly contains a hard-coded password for the 'admin' account, and the '/cgi-bin/preview_email.cgi' script fails to properly filter user-supplied input to its 'file' parameter before using it to read files.
Using specially crafted strings, an unauthenticated attacker can leverage this flaw to read arbitrary files and even execute arbitrary commands on the remote host. Although the web server runs as the user 'nobody', several system commands are reachable through 'sudo', which allows an attacker to gain root privileges.

Note that Nessus has not tested for the additional issues.
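The second issue above is a classic path-containment failure: a CGI takes a filename from the request and opens it without confining it to the directory it was meant to serve. The following is an added example, not the vendor's preview_email.cgi code, showing the check such a script needs: resolve the user-supplied name under a fixed base directory and refuse anything that escapes it. The spool directory, file names and traversal strings are constructed for the demonstration.

```python
"""Path containment for a 'file'-style request parameter.

Added example, not Barracuda's code. Assumes previews may only be read from
one fixed spool directory; everything below is a constructed fixture.
"""
import os
import tempfile


class UnsafePathError(ValueError):
    """Raised when a requested file resolves outside the allowed directory."""


def resolve_under(base_dir: str, user_supplied: str) -> str:
    """Return the real path of user_supplied inside base_dir, or raise.

    realpath() collapses '..' segments and follows symlinks, so a traversal
    string, an absolute path, or a symlink pointing outside the spool all
    resolve to a location whose common prefix with base_dir is not base_dir.
    """
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_supplied))
    if os.path.commonpath([base, candidate]) != base:
        raise UnsafePathError(f"{user_supplied!r} escapes {base_dir!r}")
    return candidate


def read_preview(base_dir: str, user_supplied: str) -> bytes:
    """Read a message for preview only after the path has been contained."""
    with open(resolve_under(base_dir, user_supplied), "rb") as fh:
        return fh.read()


def demo() -> dict:
    """Exercise the check against a constructed spool; returns what happened."""
    with tempfile.TemporaryDirectory() as top:
        spool = os.path.join(top, "spool")
        os.makedirs(spool)
        with open(os.path.join(spool, "msg1.eml"), "w") as fh:
            fh.write("Subject: hello\n")
        with open(os.path.join(top, "secret.txt"), "w") as fh:
            fh.write("outside the spool\n")

        results = {"msg1.eml": read_preview(spool, "msg1.eml")}
        # Constructed traversal attempts: relative '..', an absolute path,
        # and '..' hidden behind a legitimate-looking leading component.
        for bad in ("../secret.txt", "/etc/passwd", "msg1.eml/../../secret.txt"):
            try:
                read_preview(spool, bad)
                results[bad] = "READ"
            except UnsafePathError:
                results[bad] = "blocked"
        return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name!r}: {outcome}")
```

Note that the check is done on the resolved path, not on the raw string: filtering for the substring `../` would miss absolute paths and symlinks, which is the kind of incomplete filtering the description refers to.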

Solution

Upgrading to firmware version 3.3.0.54 or later reportedly addresses the issues.
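Whether a device is affected comes down to comparing its detected firmware version against the fixed release, plus the plugin's own gating (it runs only with thorough checks enabled and is excluded when the scan policy is restricted to supplied logins). The following is an added example, not Tenable's barracuda_33054.nasl, that carries that decision out offline; the version strings fed to it are constructed, and the firmware version format is assumed to be dotted integers as in '3.3.0.54'.

```python
"""Triage a detected Barracuda Spam Firewall firmware version.

Added example, not the Nessus plugin. Assumes versions are dotted integers
('3.3.0.54'); missing trailing components are treated as zero.
"""
import re
from typing import Optional, Tuple

FIXED_VERSION = "3.3.0.54"  # from the Solution section above


def parse_version(version: str) -> Tuple[int, ...]:
    """'3.3.0.54' -> (3, 3, 0, 54); raises ValueError on anything else."""
    text = version.strip()
    if not re.fullmatch(r"\d+(?:\.\d+)*", text):
        raise ValueError(f"unparseable firmware version: {version!r}")
    return tuple(int(part) for part in text.split("."))


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1 as a is older than, equal to or newer than b.

    Components are compared numerically, so '3.10' is newer than '3.9',
    and shorter versions are zero-padded, so '3.3' equals '3.3.0.0'.
    """
    pa, pb = parse_version(a), parse_version(b)
    width = max(len(pa), len(pb))
    pa += (0,) * (width - len(pa))
    pb += (0,) * (width - len(pb))
    return (pa > pb) - (pa < pb)


def is_vulnerable(firmware_version: str) -> bool:
    """True when the firmware predates the release that addresses the issues."""
    return compare_versions(firmware_version, FIXED_VERSION) < 0


def should_run_credential_check(thorough_checks: bool,
                                supplied_logins_only: bool) -> bool:
    """Mirror the gating listed under Plugin Details: thorough checks must be
    on, and the check is skipped when only supplied logins may be tried."""
    return thorough_checks and not supplied_logins_only


def triage(firmware_version: Optional[str],
           thorough_checks: bool = True,
           supplied_logins_only: bool = False) -> str:
    """Summarise what a scanner would conclude for one device."""
    if not should_run_credential_check(thorough_checks, supplied_logins_only):
        return "skipped: policy forbids default-credential checks"
    if firmware_version is None:
        return "unknown: firmware version not detected"
    try:
        vulnerable = is_vulnerable(firmware_version)
    except ValueError as exc:
        return f"unknown: {exc}"
    if vulnerable:
        return f"vulnerable: {firmware_version} < {FIXED_VERSION}"
    return f"not vulnerable: {firmware_version} >= {FIXED_VERSION}"


if __name__ == "__main__":
    # Constructed sample inputs, not real scan results.
    for sample in ("3.3.0.53", "3.3.0.54", "3.4", "3.3", None, "abc"):
        print(f"{sample!r}: {triage(sample)}")
    print(triage("3.3.0.53", supplied_logins_only=True))
```

The version comparison is the part worth getting right: string comparison would rank '3.3.0.9' above '3.3.0.54', and a two-component banner such as '3.3' must still be recognised as older than the fix.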

See Also

https://seclists.org/fulldisclosure/2006/Aug/116

Plugin Details

Severity: High

ID: 22130

File Name: barracuda_33054.nasl

Version: 1.32

Type: remote

Family: CGI abuses

Published: 8/2/2006

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/h:barracuda_networks:barracuda_spam_firewall

Required KB Items: www/barracuda_spamfw

Excluded KB Items: global_settings/supplied_logins_only

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Vulnerability Publication Date: 8/1/2006

Reference Information

CVE: CVE-2006-4000, CVE-2006-4001, CVE-2006-4081, CVE-2006-4082

BID: 19276

CERT: 199348