CVE-2019-5648

Authenticated, administrative access to a Barracuda Load Balancer ADC running unpatched firmware <= v6.4 allows one to edit the LDAP service configuration of the balancer and change the LDAP server to an attacker-controlled system, without having to re-enter LDAP credentials. These steps can be used by any authenticated administrative user to expose the LDAP credentials configured in the LDAP connector over the network.
Configurations

Configuration 1


Information

Published : 2020-03-12 01:15

Updated : 2020-03-12 04:35


NVD link : CVE-2019-5648

Mitre link : CVE-2019-5648

CWE