CVE-2019-5648

Authenticated, administrative access to a Barracuda Load Balancer ADC running unpatched firmware <= v6.4 allows one to edit the LDAP service configuration of the balancer and change the LDAP server to an attacker-controlled system, without having to re-enter LDAP credentials. These steps can be used by any authenticated administrative user to expose the LDAP credentials configured in the LDAP connector over the network.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:barracuda:load_balancer_adc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:barracuda:load_balancer_adc:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-03-12 13:15

Updated : 2024-02-28 17:28


NVD link : CVE-2019-5648

Mitre link : CVE-2019-5648

CVE.ORG link : CVE-2019-5648


JSON object : View

Products Affected

barracuda

  • load_balancer_adc
  • load_balancer_adc_firmware
CWE
CWE-522

Insufficiently Protected Credentials