Barracuda email security appliances hacked via zero-day vulnerability (CVE-2023-2868)
A vulnerability in Barracuda Networks' Email Security Gateway appliances has been exploited by attackers, the company has warned.
CVE-2023-2868 is a critical remote command injection vulnerability affecting only physical Barracuda Email Security Gateway appliances, versions 5.1.3.001 - 9.2.0.006.
"The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file. [It] stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl's qx operator with the privileges of the Email Security Gateway product," says the official CVE listing.
The company identified the vulnerability on May 19, 2023, and pushed a patch to all ESG appliances worldwide on May 20, 2023.
"As part of our containment strategy, all ESG appliances have received a second patch on May 21, 2023. Users whose appliances we believe were impacted have been notified via the ESG user interface of actions to take. Barracuda has also reached out to these specific customers," the company said, but did not explain what the second patch does.
Reddit users on the sysadmin subreddit have lamented the vagueness of the public alert and one of them shared the email sent by Barracuda's support team, in which it advised customers to rotate any credentials connected to the ESG appliance: LDAP, AD, Barracuda Cloud Control, FTP and SMB credentials, as well as any private TLS certificates.
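The CVE listing quoted above attributes the flaw to archive member names reaching a shell without validation. The following added example (not Barracuda's code or patch) shows one way to audit a .tar file's member names before any of them is placed in a command line; the allowlist policy, function names and sample archive are assumptions constructed for illustration.

```python
import io
import re
import tarfile

# Conservative allowlist for member names (policy is an assumption).
SAFE_NAME = re.compile(r"[A-Za-z0-9._/ +=@,-]+")
# Characters a POSIX shell interprets; used to explain why a name failed.
SHELL_META = set("`$;|&<>(){}[]*?!~#'\"\\\n\r\t")


def suspicious_members(tar_bytes):
    """Return [(name, reason)] for members whose names are unsafe to place
    in a shell command line. Only names are read; nothing is extracted."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for member in tar:
            name = member.name
            if SAFE_NAME.fullmatch(name) and not name.startswith("-"):
                continue
            meta = sorted(c for c in set(name) if c in SHELL_META)
            if meta:
                reason = "shell metacharacters: " + " ".join(map(repr, meta))
            elif name.startswith("-"):
                reason = "leading '-' (would be parsed as an option)"
            else:
                reason = "characters outside the allowlist"
            findings.append((name, reason))
    return findings


def build_sample_tar(names):
    """Build an in-memory tar of empty files (constructed sample input)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            tar.addfile(tarfile.TarInfo(name=name), io.BytesIO(b""))
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed names: two ordinary, three that must be flagged.
    sample = build_sample_tar(["report.txt", "docs/q2 summary.pdf",
                               "a`echo constructed`.txt", "x$(true).log", "-rf"])
    for name, reason in suspicious_members(sample):
        print(f"{name!r}: {reason}")
```

Name validation of this kind is a second layer; the more robust design is to avoid building shell strings from archive contents at all and pass names as separate arguments to the called program.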
| 2023-05-24 | CVE-2023-2868 | A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product affecting versions 5.1.3.001-9.2.0.006. | 0.0 |