Vulnerability title: Authentication Bypass in Barracuda Web Application
Firewall
CVE: CVE-2014-2595
Vendor: Barracuda
Product: Web Application Firewall
Affected version: Firmware v7.8.1.013
Fixed version: N/A
Reported by: Nick Hayes
Details:
It is possible to re-use a link which includes a non-expiring
authentication token in the query string to gain access to the interface
of the Barracuda Web Application Firewall (WAF) firmware version 7.8.1.013.
Example:
http://waf.ptest.cudasvc.com/cgi-mod/index.cgi?auth_type=Local&et=99999999996locale=en_US&password=5a2fd48b65c5d80881eeb0f738bcc6dc&primary_tab=SECURITY%20POLICIES&secondary_tab=request_limits&user=guest
The above link opens up the Request Limit Policies on the Barracuda labs
WAF test host as the Guest user. This has been confirmed to work on
actual devices and with administrative accounts.
Further details at:
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/
Copyright:
Copyright (c) Portcullis Computer Security Limited 2014, All rights
reserved worldwide. Permission is hereby granted for the electronic
redistribution of this information. It is not to be edited or altered in
any way without the express written consent of Portcullis Computer
Security Limited.
Disclaimer:
The information herein contained may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties, implied or otherwise, with regard to this information
or its use. Any use of this information is at the user's risk. In no
event shall the author/distributor (Portcullis Computer Security
Limited) be held liable for any damages whatsoever arising out of or in
connection with the use or spread of this information.
{"id": "SECURITYVULNS:DOC:31004", "vendorId": null, "type": "securityvulns", "bulletinFamily": "software", "title": "CVE-2014-2595 - Authentication Bypass in Barracuda Web Application Firewall", "description": "\r\n\r\nVulnerability title: Authentication Bypass in Barracuda Web Application\r\nFirewall\r\nCVE: CVE-2014-2595\r\nVendor: Barracuda\r\nProduct: Web Application Firewall\r\nAffected version: Firmware v7.8.1.013\r\nFixed version: N/A\r\nReported by: Nick Hayes\r\n\r\nDetails:\r\n\r\nIt is possible to re-use a link which includes a non-expiring\r\nauthentication token in the query string to gain access to the interface\r\nof the Barracuda Web Application Firewall (WAF) firmware version 7.8.1.013.\r\n\r\nExample:\r\n\r\nhttp://waf.ptest.cudasvc.com/cgi-mod/index.cgi?auth_type=Local&et=99999999996locale=en_US&password=5a2fd48b65c5d80881eeb0f738bcc6dc&primary_tab=SECURITY%20POLICIES&secondary_tab=request_limits&user=guest\r\n\r\nThe above link opens up the Request Limit Policies on the Barracuda labs\r\nWAF test host as the Guest user. This has been confirmed to work on\r\nactual devices and with administrative accounts.\r\n\r\n\r\nFurther details at:\r\nhttps://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/\r\n\r\n\r\nCopyright:\r\nCopyright (c) Portcullis Computer Security Limited 2014, All rights\r\nreserved worldwide. Permission is hereby granted for the electronic\r\nredistribution of this information. It is not to be edited or altered in\r\nany way without the express written consent of Portcullis Computer\r\nSecurity Limited.\r\n\r\nDisclaimer:\r\nThe information herein contained may change without notice. Use of this\r\ninformation constitutes acceptance for use in an AS IS condition. There\r\nare NO warranties, implied or otherwise, with regard to this information\r\nor its use. Any use of this information is at the user's risk. In no\r\nevent shall the author/distributor (Portcullis Computer Security\r\nLimited) be held liable for any damages whatsoever arising out of or in\r\nconnection with the use or spread of this information.\r\n\r\n", "published": "2014-08-11T00:00:00", "modified": "2014-08-11T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2014-2595"], "immutableFields": [], "lastseen": "2018-08-31T11:10:53", "viewCount": 2052, "enchantments": {"score": {"value": 0.0, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-2595"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:127740"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13887"]}], "rev": 4}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2014-2595"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13887"]}]}, "exploitation": null, "affected_software": {"major_version": []}, "epss": [{"cve": "CVE-2014-2595", "epss": "0.098150000", "percentile": "0.938600000", "modified": "2023-03-19"}], "vulnersScore": 0.0}, "_state": {"dependencies": 1678962961, "score": 1684016453, "affected_software_major_version": 0, "epss": 1679323282}, "_internal": {"score_hash": "5d85f1819b27ff3276a5b2c516947586"}, "sourceData": "", "affectedSoftware": [], "appercut": {}, "exploitpack": {}, "hackapp": {}, "toolHref": "", "w3af": {}}
{"packetstorm": [{"lastseen": "2016-12-05T22:22:02", "description": "", "cvss3": {}, "published": "2014-08-04T00:00:00", "type": "packetstorm", "title": "Barracuda WAF Authentication Bypass", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-2595"], "modified": "2014-08-04T00:00:00", "id": "PACKETSTORM:127740", "href": "https://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "sourceData": "`Vulnerability title: Authentication Bypass in Barracuda Web Application \nFirewall \nCVE: CVE-2014-2595 \nVendor: Barracuda \nProduct: Web Application Firewall \nAffected version: Firmware v7.8.1.013 \nFixed version: N/A \nReported by: Nick Hayes \n \nDetails: \n \nIt is possible to re-use a link which includes a non-expiring \nauthentication token in the query string to gain access to the interface \nof the Barracuda Web Application Firewall (WAF) firmware version 7.8.1.013. \n \nExample: \n \nhttp://waf.ptest.cudasvc.com/cgi-mod/index.cgi?auth_type=Local&et=99999999996locale=en_US&password=5a2fd48b65c5d80881eeb0f738bcc6dc&primary_tab=SECURITY%20POLICIES&secondary_tab=request_limits&user=guest \n \nThe above link opens up the Request Limit Policies on the Barracuda labs \nWAF test host as the Guest user. This has been confirmed to work on \nactual devices and with administrative accounts. \n \n \nFurther details at: \nhttps://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/ \n \n \nCopyright: \nCopyright (c) Portcullis Computer Security Limited 2014, All rights \nreserved worldwide. Permission is hereby granted for the electronic \nredistribution of this information. It is not to be edited or altered in \nany way without the express written consent of Portcullis Computer \nSecurity Limited. \n \nDisclaimer: \nThe information herein contained may change without notice. Use of this \ninformation constitutes acceptance for use in an AS IS condition. There \nare NO warranties, implied or otherwise, with regard to this information \nor its use. Any use of this information is at the user's risk. In no \nevent shall the author/distributor (Portcullis Computer Security \nLimited) be held liable for any damages whatsoever arising out of or in \nconnection with the use or spread of this information. \n \n \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/127740/barracuda-bypass.txt"}], "securityvulns": [{"lastseen": "2021-06-08T18:49:37", "description": "XSS, restrictions bypass.", "cvss3": {}, "published": "2014-08-26T00:00:00", "type": "securityvulns", "title": "Barracuda Networks Firewall / Web Firewall / Spam&Virus Firewall security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2014-2595"], "modified": "2014-08-26T00:00:00", "id": "SECURITYVULNS:VULN:13887", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13887", "sourceData": "", "cvss": {"score": 0.0, "vector": "NONE"}}], "cve": [{"lastseen": "2023-05-21T10:08:44", "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-02-12T01:15:00", "type": "cve", "title": "CVE-2014-2595", "cwe": ["CWE-613"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-2595"], "modified": "2020-02-20T15:55:00", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "id": "CVE-2014-2595", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"]}]}