On Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui-sdwan-1089-8.3.1-174141891, an OS command injection vulnerability exists in /ajax/update_certificate - a crafted HTTP request allows an authenticated attacker to execute arbitrary commands. For example, a name field can contain :password and a password field can contain shell metacharacters.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2023-03-03T00:00:00
Updated: 2024-08-02T11:46:23.292Z
Reserved: 2023-02-20T00:00:00
Link: CVE-2023-26213
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-03-03T22:15:09.840
Modified: 2023-03-10T14:53:13.973
Link: CVE-2023-26213
Redhat
No data.