Solarwinds Log and Event Manager Virtual Appliance version 6.3.1 has hard-coded credentials.
db2280c889805e3b1cc8bca7d28bca9faff15b7e7003176695d43071203d731fBarracuda WAF V360 with firmware 8.0.1.014 suffers from a support tunnel hijacking vulnerability.
b5f3e2e56c5e431a0f7904096cd26eb5b819f5e04765f0ca18b7e34eeb0f1740The Barracuda WAF management application transmits the current user and session identifier over HTTP GET. Firmware version 8.0.1.014 is affected.
7086b580e0510a02f02451754011dfa92817d22fce4942667a0c2c95727a7c68The grub password for all Barracuda WAF V360 virtual appliances is four characters in length and, as a result, may be trivially easy to crack. Firmware version 8.0.1.014 is affected.
c30a6c337f827c7f205331146c21efde524fe526807aea264c31e3482104d705Firmware reversing of the Barracuda Web Application Firewall uncovered development artifacts that should have been removed on the production images. Once the encryption scheme was broken, many QA and development tools were discovered on the affected partitions. Some of these contained sensitive information such as authentication credentials used by internal developers. Firmware version 8.0.1.014 is affected.
41af7991ec90055d2e9576142c80137283f105fdc993d700215ae487f134beefFirmware reversing of the Barracuda Web Application Firewall uncovered debug features that should have been removed on the production images. Appending a debugging statement onto a grub configuration line leads to an early boot root shell. Firmware version 8.0.1.014 is affected.
e7f34bb9440ee19f081d01c8da99a0e8de3728fcc56a3f073d87f5c8a3cf2ad7
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed