Security News > 2023 > May > Barracuda email security appliances hacked via zero-day vulnerability (CVE-2023-2868)
A vulnerability in Barracuda Networks' Email Security Gateway appliances has been exploited by attackers, the company has warned.
CVE-2023-2868 is a critical remote command injection vulnerability affecting only physical Barracuda Email Security Gateway appliances, versions 5.1.3.001 - 9.2.0.006.
"The vulnerability arises out of a failure to comprehensively sanitize the processing of.tar file. [It] stems from incomplete input validation of a user-supplied.tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl's qx operator with the privileges of the Email Security Gateway product," says the official CVE listing.
The company identified the vulnerability on May 19, 2023, and pushed a patch to all ESG appliances worldwide on May 20, 2023.
"As part of our containment strategy, all ESG appliances have received a second patch on May 21, 2023. Users whose appliances we believe were impacted have been notified via the ESG user interface of actions to take. Barracuda has also reached out to these specific customers," the company said, but did not explain what the second patch does.
Reddit users on the sysadmin subreddit have lamented the vagueness of the public alert and one of them shared the email sent by Barracuda's support team, in which it advised customers to rotate any credentials connected to the ESG appliance: LDAP, AD, Barracuda Cloud Control, FTP and SMB credentials, as well as any private TLS certificates.
News URL
https://www.helpnetsecurity.com/2023/05/25/cve-2023-2868/
Related news
- Vulnerability allows Yubico security keys to be cloned (source)
- Week in review: Vulnerability allows Yubico security keys cloning, Patch Tuesday forecast (source)
- Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixes (source)
- Security measures fail to keep up with rising email attacks (source)
- Windows vulnerability abused braille “spaces” in zero-day attacks (source)
- 80% of Critical National Infrastructure Companies Experienced an Email Security Breach in Last Year (source)
- U.K. Hacker Charged in $3.75 Million Insider Trading Scheme Using Hacked Executive Emails (source)
- Week in review: Microsoft fixes two exploited zero-days, SOC teams are losing trust in security tools (source)
- The Rise of Zero-Day Vulnerabilities: Why Traditional Security Solutions Fall Short (source)
- CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-24 | CVE-2023-2868 | Command Injection vulnerability in Barracuda products A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. | 9.8 |