Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-2847

6 documents5 sources

Severity

7.5HIGH

EPSS

87.0%

top 0.56%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Barracuda Networks Barracuda Spam Firewall

Timeline

PublishedSep 8

Latest updateMay 1

Description

img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDbarracuda_networks/barracuda_spam_firewall3.1.16, 3.1.17+1

Patches

Patch: secunia.com ↗Patch: www.securityfocus.com ↗Patch: www.securitytracker.com ↗

🔴Vulnerability Details

GHSA

GHSA-3gpf-pr7r-gxcf: img↗2022-05-01

▶

CVEList

CVE-2005-2847: img↗2005-09-08

▶

VulnCheck

Barracuda Networks barracuda_spam_firewall Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')↗2005

▶

💥Exploits & PoCs

Exploit-DB

Barracuda - IMG.pl Remote Command Execution (Metasploit)↗2010-04-30

▶

Exploit-DB

Barracuda Spam Firewall < 3.1.18 - Command Execution (Metasploit)↗2005-09-27

▶