CVE-2019-5648

Опубликовано: 12 мар. 2020

Источник: nvd

CVSS3: 8.7

CVSS3: 6.5

CVSS2: 5.5

EPSS Низкий

Описание

Authenticated, administrative access to a Barracuda Load Balancer ADC running unpatched firmware <= v6.4 allows one to edit the LDAP service configuration of the balancer and change the LDAP server to an attacker-controlled system, without having to re-enter LDAP credentials. These steps can be used by any authenticated administrative user to expose the LDAP credentials configured in the LDAP connector over the network.

Ссылки

https://blog.rapid7.com/2020/03/05/r7-2019-39-cve-2019-5648-ldap-credential-exposure-in-barracuda-load-balancer-adc-fixed/
Exploit
Third Party Advisory
https://blog.rapid7.com/2020/03/05/r7-2019-39-cve-2019-5648-ldap-credential-exposure-in-barracuda-load-balancer-adc-fixed/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:barracuda:load_balancer_adc_firmware:*:*:*:*:*:*:*:*

Версия до 6.4 (включая)

cpe:2.3:h:barracuda:load_balancer_adc:-:*:*:*:*:*:*:*

EPSS

Процентиль: 66%

0.00507

Низкий

8.7 High

CVSS3

6.5 Medium

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-522

Связанные уязвимости

GHSA-5ghg-57ch-849f

github

больше 3 лет назад

EPSS

Процентиль: 66%

0.00507

Низкий

8.7 High

CVSS3

6.5 Medium

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-522