CVE-2017-6320

Published: Jul 18, 2017Modified: May 13, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in which an authenticated user can execute arbitrary shell commands and gain root privileges. The vulnerability stems from unsanitized data being processed in a system call when the delete_assessment command is issued.

Affected (1)

Products: Barracuda: Load Balancer Adc

1 product

Load Balancer Adc

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Barracuda Load Balancer Adc	Up to 6.0.1.006

Related CWEs

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (4)

https://campus.barracuda.com/product/loadbalanceradc/article/ADC/ReleaseNotes610003/

Source: cve@mitre.org

Vendor Advisory

https://www.exploit-db.com/exploits/42333/

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://campus.barracuda.com/product/loadbalanceradc/article/ADC/ReleaseNotes610003/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.exploit-db.com/exploits/42333/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

Timeline

No history available yet.