CVE-2017-6320

HIGH

Barracuda Load Balancer ADC < 6.0.1.006 - Authenticated OS Command Injection via delete_assessment Command

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-6320. PoCs published by xort.

AI-analyzed exploit summary This Metasploit module exploits a command injection vulnerability in Barracuda Load Balancer Firmware <= v6.0.1.006, leveraging poor sudo permissions to escalate privileges to root. It authenticates via the web interface, injects commands via the 'UPDATE_scan_information_in_use' parameter, and executes arbitrary payloads.

Description

A remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in which an authenticated user can execute arbitrary shell commands and gain root privileges. The vulnerability stems from unsanitized data being processed in a system call when the delete_assessment command is issued.

Exploits (1)

exploitdb WORKING POC

by xort · rubywebappshardware

https://www.exploit-db.com/exploits/42333

View Code ZIP pw:eip

This Metasploit module exploits a command injection vulnerability in Barracuda Load Balancer Firmware <= v6.0.1.006, leveraging poor sudo permissions to escalate privileges to root. It authenticates via the web interface, injects commands via the 'UPDATE_scan_information_in_use' parameter, and executes arbitrary payloads.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Barracuda Load Balancer Firmware <= v6.0.1.006

Auth required

Prerequisites: Valid credentials for the Barracuda Load Balancer web interface · Network access to the target device

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1068 - Exploitation for Privilege Escalation T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Vendor Advisory x_refsource_misc

https://campus.barracuda.com/product/loadbalanceradc/article/ADC/ReleaseNotes610003/

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/42333/

Scores

CVSS v3 8.8

EPSS 0.1108

EPSS Percentile 95.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (1)

barracuda/load_balancer_adc < 6.0.1.006

Published Jul 18, 2017

Tracked Since Feb 18, 2026