Barracuda Warns of Zero-Day Exploited to Breach Email Security Gateway Appliances
Email protection and network security services provider Barracuda is warning users about a zero-day flaw that it said has been exploited to breach the company's Email Security Gateway appliances.
"The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl's qx operator with the privileges of the Email Security Gateway product."
The shortcoming, Barracuda noted, was identified on May 19, 2023, prompting the company to deploy a patch across all ESG devices worldwide a day later.
The company's investigation uncovered evidence of active exploitation of CVE-2023-2868, resulting in unauthorized access to a "subset of email gateway appliances."
The vulnerability offers unauthenticated attackers the ability to inject malicious JavaScript into a website, potentially allowing redirects to malvertising sites as well as the creation of rogue admin users, resulting in site takeovers.
The WordPress security company said it "blocked nearly 3 million attacks against more than 1.5 million sites, from nearly 14,000 IP addresses since May 23, 2023, and attacks are ongoing."
News URL
https://thehackernews.com/2023/05/barracuda-warns-of-zero-day-exploited.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-05-24 | CVE-2023-2868 | Command Injection vulnerability in Barracuda products. A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product, affecting versions 5.1.3.001-9.2.0.006. | 9.8 |