Latest Barracuda Networks vulnerabilities #
Certain versions of Barracuda Networks Barracuda Message Archiver (BMA) are affected by a reflected Cross-Site Scripting (XSS) N-Day vulnerability. The vulnerability results from the URL error query parameter not being properly sanitized. This allows an adversary to inject malicious JavaScript into the DOM of the login panel. The malicious JavaScript could include a keystroke logger, as demonstrated in the initial disclosure, or leverage other post exploitation tooling like BeEF.
The following versions are affected
- Barracuda Message Archiver 5.4.2.002
The extent of the vulnerable versions is currently unknown.
What is the impact? #
As seen in the disclosure, a simple keystroke logger may allow an adversary to harvest valid user credentials from keystrokes, pasted strings, or autofilled logins. Successful exploitation of the vulnerability would enable an adversary to gain access to the system by convincing a victim to navigate to a specially crafted URL and enter their credentials.
Are updates or workarounds available? #
Users are encouraged to upgrade affected systems to the new versions when a patch is available. Raise user awareness about possible phishing and spear‑phishing campaign involving links to your Barracuda Message Archiver.
How to find potentially vulnerable systems with runZero #
From the Service inventory, use the following query to locate potentially vulnerable assets:
_asset.protocol:http AND protocol:http AND has:last.http.body AND last.http.body:"/css/archiver.css" AND last.http.body:"barracuda_info"
