Remote Command Execution Vulnerability in Barracuda Spam Firewall
CVE-2005-2847

Currently unrated

Key Information:

Vendor: Barracuda Networks
Status: Barracuda Spam Firewall
Vendor: CVE Published:; 8 September 2005

🔔 Create Barracuda Networks Vulnerability Alert

What is CVE-2005-2847?

The Barracuda Spam Firewall, specifically firmware versions 3.1.16 and 3.1.17, has a vulnerability that allows remote attackers to execute arbitrary commands. This is accomplished through the improper handling of shell metacharacters in the 'f' parameter of the img.pl script, which can result in unauthorized command execution and potentially compromise the system.

References

http://www.securityfocus.com/bid/14712

vdb-entryx_refsource_BID

http://www.securitytracker.com/alerts/2005/Sep/1014837.html

vdb-entryx_refsource_SECTRACK

http://secunia.com/advisories/16683/

third-party-advisoryx_refsource_SECUNIA

EPSS Score

87% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 8, 2005
Vulnerability Reserved
Sep 8, 2005

JSON