Vulnerabilities > Barracuda > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-03 | CVE-2023-26213 | OS Command Injection vulnerability in Barracuda products On Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui-sdwan-1089-8.3.1-174141891, an OS command injection vulnerability exists in /ajax/update_certificate - a crafted HTTP request allows an authenticated attacker to execute arbitrary commands. | 7.2 |
| 2021-12-01 | CVE-2021-42711 | Incorrect Default Permissions vulnerability in Barracuda Network Access Client Barracuda Network Access Client before 5.2.2 creates a Temporary File in a Directory with Insecure Permissions. | 7.8 |
| 2019-03-21 | CVE-2019-6724 | Untrusted Search Path vulnerability in Barracuda VPN Client 5.0/5.0.2.5 The barracudavpn component of the Barracuda VPN Client prior to version 5.0.2.7 for Linux, macOS, and OpenBSD runs as a privileged process and can allow an unprivileged local attacker to load a malicious library, resulting in arbitrary code executing as root. | 7.8 |
| 2017-07-18 | CVE-2017-6320 | OS Command Injection vulnerability in Barracuda Load Balancer ADC A remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in which an authenticated user can execute arbitrary shell commands and gain root privileges. | 8.8 |