Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-4000: Path Traversal in Networks Barracuda Spam Firewall

8 documents, 6 sources
Severity: 4.0 MEDIUM (NVD)
EPSS: 4.0% (top 11.54%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Aug 5; latest update May 1

Description

Directory traversal vulnerability in cgi-bin/preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.

CVSS vector

AV:N/AC:L/C:P/I:N/A:N
Exploitability: 8.0 | Impact: 2.9

Affected Packages (1 package)

NVD: barracuda_networks/barracuda_spam_firewall: 3.3.01.001, 3.3.03.053, 3.3.03.055 (+2)

🔴 Vulnerability Details (3)

GHSA: GHSA-gmvp-38jx-w8g9: Directory traversal vulnerability in cgi-bin/preview_email (2022-05-01)
CVEList: CVE-2006-4000: Directory traversal vulnerability in cgi-bin/preview_email (2006-08-05)
VulnCheck: Barracuda Networks barracuda_spam_firewall Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (2006)

💥 Exploits & PoCs (2)

Exploit-DB: Motorola SB4200 - Remote Denial of Service (2006-10-03)
Exploit-DB: Barracuda Spam Firewall 3.3.x - 'preview_email.cgi?file' Arbitrary File Access (2006-08-01)

🔍 Detection Rules (2)

Suricata: ET EXPLOIT Barracuda Spam Firewall 3.3.x RCE 2006-4000 (Outbound) (2019-12-16)
Suricata: ET EXPLOIT Barracuda Spam Firewall 3.3.x RCE 2006-4000 (Inbound) (2019-12-16)
CVE-2006-4000 — Path Traversal | cvebase