Security News > 2023 > May > Barracuda Warns of Zero-Day Exploited to Breach Email Security Gateway Appliances
Email protection and network security services provider Barracuda is warning users about a zero-day flaw that it said has been exploited to breach the company's Email Security Gateway appliances.
"The vulnerability stems from incomplete input validation of a user-supplied.tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl's qx operator with the privileges of the Email Security Gateway product."
The shortcoming, Barracuda noted, was identified on May 19, 2023, prompting the company to deploy a patch across all ESG devices worldwide a day later.
The company's investigation uncovered evidence of active exploitation of CVE-2023-2868, resulting in unauthorized access to a "Subset of email gateway appliances."
The vulnerability offers unauthenticated attackers the ability to inject malicious JavaScript to a website, potentially allowing redirects to malvertising sites as well as the creation of rogue admin users, resulting in site takeovers.
The WordPress security company said it "Blocked nearly 3 million attacks against more than 1.5 million sites, from nearly 14,000 IP addresses since May 23, 2023, and attacks are ongoing."
News URL
https://thehackernews.com/2023/05/barracuda-warns-of-zero-day-exploited.html
Related news
- T-Mobile US 'monitoring' China's 'industry-wide attack' amid fresh security breach fears (source)
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) (source)
- Zero-day data security (source)
- Phishers send corrupted documents to bypass email security (source)
- New fake Ledger data breach emails try to steal crypto wallets (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-05-24 | CVE-2023-2868 | Command Injection vulnerability in Barracuda products A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. | 9.8 |