Barracuda SSL VPN 680Vx 2.3.3.193 Multiple Script Injection Vulnerabilities
Title: Barracuda SSL VPN 680Vx 2.3.3.193 Multiple Script Injection Vulnerabilities
Advisory ID: ZSL-2013-5147
Type: Local/Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 01.07.2013
[16.03.2013] Contact with the vendor.
[17.03.2013] Vendor replies.
[19.03.2013] Working with the vendor.
[28.03.2013] Vendor confirms issues, track BNSEC-1239.
[15.04.2013] Asked vendor for status update.
[17.04.2013] Vendor replies.
[18.04.2013] Confirming that the issues are still present on the demo test sites. (v2.3.3.193)
[07.05.2013] Vendor informs that the version 2.3.3.216 since 13.03.2013 is patched from these issues.
[08.05.2013] Coordinating with the vendor.
[08.06.2013] Vendor confirms that as of firmware version 2.3.3.216 the issues have been resolved.
[01.07.2013] Coordinated public security advisory released.
[2] http://barracudalabs.com/?page_id=3456
[3] http://barracudalabs.com/?page_id=3458
[4] http://www.exploit-db.com/exploits/26527/
[5] http://cxsecurity.com/issue/WLB-2013070014
[6] http://1337day.com/exploit/20959
[7] http://packetstormsecurity.com/files/122245
[8] http://www.osvdb.org/show/osvdb/94727
[9] http://www.osvdb.org/show/osvdb/94728
[10] http://www.osvdb.org/show/osvdb/94729
[11] http://www.osvdb.org/show/osvdb/94730
[12] http://www.osvdb.org/show/osvdb/94731
[13] http://secunia.com/advisories/53982/
[14] http://www.securityfocus.com/bid/60906
[15] http://xforce.iss.net/xforce/xfdb/85419
[16] http://securitytracker.com/id/1028736
[17] http://www.scip.ch/en/?vuldb.9310
[18] http://www.scip.ch/en/?vuldb.9311
[19] http://www.scip.ch/en/?vuldb.9312
[20] http://www.scip.ch/en/?vuldb.9313
[21] http://www.scip.ch/en/?vuldb.9314
[22] http://www.securiteam.com/securitynews/6M0372A8KA.html
[23] http://www.securiteam.com/securitynews/6J037158UM.html
[02.07.2013] - Added reference [4], [5], [6], [7], [8], [9], [10], [11] and [12]
[03.07.2013] - Added reference [13] and [14]
[07.07.2013] - Added reference [15] and [16]
[19.07.2013] - Added reference [17], [18], [19], [20] and [21]
[31.10.2013] - Added reference [22]
[15.11.2013] - Added reference [23]
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk
Advisory ID: ZSL-2013-5147
Type: Local/Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 01.07.2013
Summary
The Barracuda SSL VPN is a powerful plug-and-play appliance purpose-built to provide remote users with secure access to internal network resources.Description
Barracuda SSL VPN suffers from multiple stored XSS vulnerabilities when parsing user input to several parameters via POST method. Attackers can exploit these weaknesses to execute arbitrary HTML and script code in a user's browser session.Vendor
Barracuda Networks, Inc. - https://www.barracuda.comAffected Version
2.3.3.193, Model: V680Tested On
Linux 2.4.x, Jetty Web ServerVendor Status
[05.03.2013] Vulnerabilities discovered.[16.03.2013] Contact with the vendor.
[17.03.2013] Vendor replies.
[19.03.2013] Working with the vendor.
[28.03.2013] Vendor confirms issues, track BNSEC-1239.
[15.04.2013] Asked vendor for status update.
[17.04.2013] Vendor replies.
[18.04.2013] Confirming that the issues are still present on the demo test sites. (v2.3.3.193)
[07.05.2013] Vendor informs that the version 2.3.3.216 since 13.03.2013 is patched from these issues.
[08.05.2013] Coordinating with the vendor.
[08.06.2013] Vendor confirms that as of firmware version 2.3.3.216 the issues have been resolved.
[01.07.2013] Coordinated public security advisory released.
PoC
barracuda_sslvpn_xss.txtCredits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>References
[1] http://updates.cudasvc.com/cgi-bin/view_release_notes.cgi?type=bvsware&version=2.3.3.216[2] http://barracudalabs.com/?page_id=3456
[3] http://barracudalabs.com/?page_id=3458
[4] http://www.exploit-db.com/exploits/26527/
[5] http://cxsecurity.com/issue/WLB-2013070014
[6] http://1337day.com/exploit/20959
[7] http://packetstormsecurity.com/files/122245
[8] http://www.osvdb.org/show/osvdb/94727
[9] http://www.osvdb.org/show/osvdb/94728
[10] http://www.osvdb.org/show/osvdb/94729
[11] http://www.osvdb.org/show/osvdb/94730
[12] http://www.osvdb.org/show/osvdb/94731
[13] http://secunia.com/advisories/53982/
[14] http://www.securityfocus.com/bid/60906
[15] http://xforce.iss.net/xforce/xfdb/85419
[16] http://securitytracker.com/id/1028736
[17] http://www.scip.ch/en/?vuldb.9310
[18] http://www.scip.ch/en/?vuldb.9311
[19] http://www.scip.ch/en/?vuldb.9312
[20] http://www.scip.ch/en/?vuldb.9313
[21] http://www.scip.ch/en/?vuldb.9314
[22] http://www.securiteam.com/securitynews/6M0372A8KA.html
[23] http://www.securiteam.com/securitynews/6J037158UM.html
Changelog
[01.07.2013] - Initial release[02.07.2013] - Added reference [4], [5], [6], [7], [8], [9], [10], [11] and [12]
[03.07.2013] - Added reference [13] and [14]
[07.07.2013] - Added reference [15] and [16]
[19.07.2013] - Added reference [17], [18], [19], [20] and [21]
[31.10.2013] - Added reference [22]
[15.11.2013] - Added reference [23]
Contact
Zero Science LabWeb: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk
