Barracuda Email Security Gateway Appliance (ESG) Critical Vulnerability
Summary
Barracuda states that impacted ESG appliances must be immediately replaced regardless of patch version level
Affected platforms
The following platforms are known to be affected:
Threat details
Exploitation of CVE-2023-2868
Barracuda states that the earliest evidence of exploitation was in October 2022, and attackers were able to obtain unauthorised access to a subset of ESG appliances. Malware was identified on a subset of appliances that would allow for persistent backdoor access. In addition, evidence of data exfiltration was identified.
Barracuda has reached out to those specific customers.
The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-2868 to its Known Exploited Vulnerabilities Catalog.
Introduction
Barracuda has released a critical security update to address a remote command injection vulnerability, known as CVE-2023-2868, in their Barracuda Email Security Gateway (ESG) appliances. Exploitation of this vulnerability could allow a remote unauthenticated attacker to execute system commands with the privileges of the ESG product.
Barracuda has recorded exploitation of this vulnerability in ESG appliances.
Action Notice from Barracuda
On June 6, 2023, Barracuda added the following statements to the advisory:
ACTION NOTICE:
Impacted ESG appliances must be immediately replaced regardless of patch version level. If you have not replaced your appliance after receiving notice in your UI, contact support now ([email protected]).
Barracuda’s remediation recommendation at this time is full replacement of the impacted ESG.
Remediation advice
Affected organisations are encouraged to review Barracuda's security advisory and contact their supplier for more information.
Definitive source of threat updates
Last edited: 15 June 2023 3:14 pm