admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2023/CVE-2023-28xx/CVE-2023-2868.json
cad-safe-bot 9d8babeec3 Auto-Update: 2024-07-14T02:00:17.787041+00:00
2024-07-14 02:06:08 +00:00

248 lines
7.6 KiB
JSON
Raw Blame History

{
"id": "CVE-2023-2868",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-05-24T19:15:09.363",
"lastModified": "2023-06-01T20:14:55.053",
"vulnStatus": "Analyzed",
"cveTags": [],
"cisaExploitAdd": "2023-05-26",
"cisaActionDue": "2023-06-16",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Barracuda Networks ESG Appliance Improper Input Validation Vulnerability",
"descriptions": [
{
"lang": "en",
"value": "A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape archives).\u00a0The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl's qx operator with the privileges of the Email Security Gateway product.\u00a0This issue was fixed as part of BNSF-36456 patch. This patch was automatically applied to all customer appliances."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cve-coordination@google.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
},
{
"source": "cve-coordination@google.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:barracuda:email_security_gateway_300_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.1.3.001",
"versionEndIncluding": "9.2.0.006",
"matchCriteriaId": "F270DBDA-EE31-4AF0-8743-D742467485CF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:barracuda:email_security_gateway_300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "824DAE15-3628-4346-947E-C33FA46AADE6"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:barracuda:email_security_gateway_400_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.1.3.001",
"versionEndIncluding": "9.2.0.006",
"matchCriteriaId": "4A9B9E0B-F8D4-4626-AD39-BD525D638693"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:barracuda:email_security_gateway_400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ACD3DD62-D690-47F9-8416-61AD78B33699"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:barracuda:email_security_gateway_600_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.1.3.001",
"versionEndIncluding": "9.2.0.006",
"matchCriteriaId": "83D228EA-35C8-4B6E-9D22-CF0F7C20362B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:barracuda:email_security_gateway_600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C507D86-2E68-44A4-A31C-EEF9A6BBEE54"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:barracuda:email_security_gateway_800_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.1.3.001",
"versionEndIncluding": "9.2.0.006",
"matchCriteriaId": "8ADAC6B0-DE92-41F6-B8B1-1C830BB70C24"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:barracuda:email_security_gateway_800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74D999D5-6CE5-49F7-A0C5-0B44704FEE45"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:barracuda:email_security_gateway_900_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.1.3.001",
"versionEndIncluding": "9.2.0.006",
"matchCriteriaId": "C5A27A43-E632-4C8A-A9F8-49C6E091E7ED"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:barracuda:email_security_gateway_900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FFA6EA4B-B0FF-437B-A48E-F11D0CD5EB2B"
}
]
}
]
}
],
"references": [
{
"url": "https://status.barracuda.com/incidents/34kx82j5n4q9",
"source": "cve-coordination@google.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.barracuda.com/company/legal/esg-vulnerability",
"source": "cve-coordination@google.com",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink