CVE-2023-2868 Exploit

CVE-2023-2868 Exploit

vRuby by Prapattimynk

https://attackerkb.com/topics/2Z0CWopGPX/cve-2023-2868/rapid7-analysis

Android Android 5.0Exploits And POCs
( 174 ratings )
Price: $0
File CVE-2023-2868 Exploit
Publisher Prapattimynk
Genre Exploits And POCs
Size 2.5kb
File Type Ruby
Os All
Mod Version Ruby
Report Report
CVE-2023-2868 Exploit is the most famous version in the CVE-2023-2868 Exploit series of publisher
Download

💥Detailed analysis of CVE-2023-2868(shell command injection vulnerability in the #Barracuda Secure Email Gateway appliance).The vulnerability exists in a module that screens attachments of incoming emails and is triggered by crafted .tar files. Successful exploitation allows remote, unauthenticated attackers to execute code on appliances in the context of a privileged user. 🔖 PoC for CVE-2023-2868Usage:Set LHOST and RHOST variables to your listener.ruby poc_cve_2023_2868.rb This will spawn a reverse shell.

Description
On May 30, 2023, Barracuda Networks published an advisory for CVE-2023-2868, an easily exploitable remote command injection vulnerability affecting several versions of Barracuda Email Security Gateway (ESG) appliances. The vulnerability exists in a module that screens attachments of incoming emails and is triggered by crafted .tar files. Successful exploitation allows remote, unauthenticated attackers to execute code on appliances in the context of a privileged user. CVE-2023-2868 carries a CVSS score of 9.8. According to the vendor advisory, CVE-2023-2868 has been exploited in the wild since October 2022.

Affected systems include Barracuda Email Security Gateway appliances with firmware versions 5.1.3.001 – 9.2.0.006 (appliance form factor only). We tested against a Barracuda ESG 300 firmware version 8.0.1.001 to confirm exploitability. Tests against virtual machine instances were not successful.

Technical analysis
Exploiting this vulnerability proved to be simple, but finding a valid test target served to be more challenging. Our proof of concept (PoC) started off with the hint from Mandiant’s blog mentioning that filenames within TAR files as the attack vector. With that in mind, we developed our PoC with code that creates tarfiles containing user-controlled filenames and data.



Recommended for You

You may also like

1 Comments

  1. 4 months ago

    Great article, exactly what I needed.

Your email address will not be published. Required fields are marked *

Next Post X
Ads Blocker Image Powered by Code Help Pro

AdBlocker Detected!!!

We have detected that you are using extensions to block ads. Please support us by disabling these ads blocker.