CVE-2023-26213 – This CVE describes an OS command injection vuln... (How to Fix)

Q: What is the severity of CVE-2023-26213?

CVE-2023-26213 has a CVSS score of 7.2 (HIGH). This CVE describes an OS command injection vulnerability in Barracuda CloudGen WAN Private Edge Gateway devices. Authenticated attackers can execute arbitrary commands via crafted HTTP requests to the /ajax/update_certificate endpoint. Organizations using affected versions of these networking devices are at risk.

📋 TL;DR

This CVE describes an OS command injection vulnerability in Barracuda CloudGen WAN Private Edge Gateway devices. Authenticated attackers can execute arbitrary commands via crafted HTTP requests to the /ajax/update_certificate endpoint. Organizations using affected versions of these networking devices are at risk.

💻 Affected Systems

Products:

Barracuda CloudGen WAN Private Edge Gateway

Versions: All versions before 8 webui-sdwan-1089-8.3.1-174141891

Operating Systems: Barracuda proprietary OS

Default Config Vulnerable: ⚠️ Yes

Notes: Requires authenticated access to the web UI, but default configurations may be vulnerable if standard credentials are used.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full device compromise leading to network pivoting, data exfiltration, ransomware deployment, or persistent backdoor installation across the entire network infrastructure.

🟠

Likely Case

Unauthorized administrative access to the device, configuration changes, credential harvesting, and lateral movement within the network.

🟢

If Mitigated

Limited impact due to network segmentation, strong authentication controls, and restricted administrative access preventing exploitation attempts.

🌐 Internet-Facing: HIGH

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploit details are publicly available in security advisories. The vulnerability requires authentication but has low technical complexity to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8 webui-sdwan-1089-8.3.1-174141891 or later

Vendor Advisory: https://campus.barracuda.com/product/cloudgenwan/doc/96024723/release-notes-8-3-1/

Restart Required: Yes

Instructions:

1. Log into the Barracuda CloudGen WAN management portal. 2. Navigate to device management. 3. Check for available firmware updates. 4. Apply update 8.3.1-174141891 or later. 5. Reboot the device after update completion.

🔧 Temporary Workarounds

Restrict Administrative Access

all

Limit access to the web UI to only trusted IP addresses and require multi-factor authentication.

Network Segmentation

all

Isolate the management interface from general network traffic and implement strict firewall rules.

🧯 If You Can't Patch

Implement strict network access controls to limit who can reach the device's management interface
Monitor for suspicious activity including unusual HTTP requests to /ajax/update_certificate endpoint

🔍 How to Verify

Check if Vulnerable:

Check device firmware version via web UI or CLI. If version is earlier than 8.3.1-174141891, the device is vulnerable.

Check Version:

Login to device web UI and check System > Status > Firmware Version, or use CLI command 'show version'

Verify Fix Applied:

Confirm firmware version is 8.3.1-174141891 or later after applying the update.

📡 Detection & Monitoring

Log Indicators:

HTTP POST requests to /ajax/update_certificate with shell metacharacters in parameters
Unusual command execution in system logs
Multiple failed authentication attempts followed by successful login

Network Indicators:

Unusual outbound connections from the device
Traffic patterns inconsistent with normal device operation

SIEM Query:

source="barracuda_firewall" AND (url="/ajax/update_certificate" AND (param="password" OR param="name") AND value MATCHES "[;|&`$()]+")

📊 Metadata

CVE ID: CVE-2023-26213

CVSS v3 Score: 7.2 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-78

Published: March 3, 2023

Last Updated: March 7, 2025

🔗 References

http://seclists.org/fulldisclosure/2023/Mar/2 Exploit,Mailing List,Third Party Advisory
https://campus.barracuda.com/product/cloudgenwan/doc/96024723/release-notes-8-3-1/ Release Notes
https://sec-consult.com/vulnerability-lab/advisory/os-command-injection-in-barracuda-cloudgen-wan/ Exploit,Third Party Advisory
https://www.barracuda.com/products/network-security/cloudgen-wan Product
http://seclists.org/fulldisclosure/2023/Mar/2 Exploit,Mailing List,Third Party Advisory
https://campus.barracuda.com/product/cloudgenwan/doc/96024723/release-notes-8-3-1/ Release Notes
https://sec-consult.com/vulnerability-lab/advisory/os-command-injection-in-barracuda-cloudgen-wan/ Exploit,Third Party Advisory
https://www.barracuda.com/products/network-security/cloudgen-wan Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-26213, you might also want to check these: