CVE-2023-26213
Published: 03 March 2023
Summary
CVE-2023-26213 is a high-severity OS Command Injection (CWE-78) vulnerability in Barracuda T100B Firmware. Its CVSS base score is 7.2 (High).
Operationally, it ranks in the top 11.5% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
CVE-2023-26213 is an OS command injection vulnerability (CWE-78) affecting Barracuda CloudGen WAN Private Edge Gateway devices prior to version 8 webui-sdwan-1089-8.3.1-174141891. The flaw resides in the /ajax/update_certificate endpoint, where a crafted HTTP request can pass shell metacharacters through fields such as name and password, enabling arbitrary command execution on the underlying operating system.
An authenticated attacker with high privileges can send a malicious request over the network to achieve full command execution. Successful exploitation grants the attacker the ability to read, modify, or delete data and disrupt device operations, corresponding to the CVSS 7.2 rating that reflects high impact across confidentiality, integrity, and availability.
Vendor release notes for version 8.3.1 and independent advisories from SEC Consult and Full Disclosure indicate that the issue is resolved by applying the referenced firmware update. The EPSS score rose from low values to a peak of 0.0702 before receding to the current 0.0388, indicating a period of increased exploitation interest after disclosure.
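A detection sketch for the request pattern described above, added here as an example and not taken from the advisories or from Barracuda. The endpoint and field names come from this page; the form-encoded body, the helper names, the colon rule for `name` and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint and field names are the ones named in the advisory text.
ENDPOINT = "/ajax/update_certificate"
FIELDS = ("name", "password")
# Characters a POSIX shell treats specially: separators, substitution,
# redirection, grouping, quoting, escapes and newlines.
SHELL_META = re.compile(r"""[;&|`$<>(){}\\'"\n\r]""")

def is_suspicious(field, value):
    """True if a decoded field value looks like an injection attempt."""
    if SHELL_META.search(value):
        return True
    # The advisory's example puts ':password' in the name field. Assumption:
    # legitimate certificate names do not contain a colon.
    return field == "name" and ":" in value

def suspicious_fields(method, url, body):
    """Return (field, decoded value) pairs worth alerting on for one request.

    Assumes an application/x-www-form-urlencoded body; the page does not
    state the real encoding, so adapt the parsing to the captured traffic.
    """
    path = unquote(urlsplit(url).path).rstrip("/")
    if method.upper() != "POST" or path != ENDPOINT:
        return []
    params = parse_qs(body, keep_blank_values=True)  # percent-decodes values
    return [(f, v) for f in FIELDS for v in params.get(f, [])
            if is_suspicious(f, v)]

def scan(records):
    """Return indexes of the records that contain a suspicious field."""
    return [i for i, rec in enumerate(records) if suspicious_fields(*rec)]

# Constructed sample requests (method, URL, body); not real traffic.
SAMPLE = [
    ("POST", "/ajax/update_certificate", "name=vpn-cert&password=Str0ngPass"),
    ("POST", "/ajax/update_certificate", "name=vpn-cert&password=pw%3Becho+probe"),
    ("POST", "/ajax/update_certificate?x=1", "name=a%3Apassword&password=ok"),
    ("GET", "/ajax/update_certificate", ""),
    ("POST", "/ajax/other", "name=a&password=%60id%60"),
]

if __name__ == "__main__":
    for i in scan(SAMPLE):
        print(i, suspicious_fields(*SAMPLE[i]))
```

Because the endpoint requires an authenticated, high-privilege session, a hit is also a reason to review which administrator account issued the request.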
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-30038
Vulnerability details
On Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui-sdwan-1089-8.3.1-174141891, an OS command injection vulnerability exists in /ajax/update_certificate - a crafted HTTP request allows an authenticated attacker to execute arbitrary commands. For example, a name field can contain :password and a password field can contain shell metacharacters.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.