===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2014.0087
BNSEC-02398: Authenticated non-persistent XSS in Barracuda Firewall v6.1.2
                               25 July 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Barracuda Firewall
Operating System:     Network Appliance
Impact/Access:        Cross-site Scripting -- Existing Account
Resolution:           Patch/Upgrade
Member content until: Sunday, August 24 2014

OVERVIEW

        A vulnerability has been reported in Barracuda Firewall v6.1.2. [1]


IMPACT

        Barracuda has provided the following details regarding this issue:
        
        "The Barracuda Firewall in the versions listed above is susceptible 
        to an authenticated non-persistent cross-site scripting attack 
        (XSS). Requires administrative privileges. Due to the authenticated
        nature of this attack, it poses little risk." [1]


MITIGATION

        The vendor recommends upgrading to the latest version of the 
        affected product. [1]


REFERENCES

        [1] BNSEC-02398: Authenticated non-persistent XSS in Barracuda Firewall
            v6.1.2
            https://www.barracuda.com/support/knowledgebase/501600000013m1P

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================