Security News > 2023 > May > Barracuda Warns of Zero-Day Exploited to Breach Email Security Gateway Appliances

Email protection and network security services provider Barracuda is warning users about a zero-day flaw that it said has been exploited to breach the company's Email Security Gateway appliances.
"The vulnerability stems from incomplete input validation of a user-supplied.tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl's qx operator with the privileges of the Email Security Gateway product."
The shortcoming, Barracuda noted, was identified on May 19, 2023, prompting the company to deploy a patch across all ESG devices worldwide a day later.
The company's investigation uncovered evidence of active exploitation of CVE-2023-2868, resulting in unauthorized access to a "Subset of email gateway appliances."
The vulnerability offers unauthenticated attackers the ability to inject malicious JavaScript to a website, potentially allowing redirects to malvertising sites as well as the creation of rogue admin users, resulting in site takeovers.
The WordPress security company said it "Blocked nearly 3 million attacks against more than 1.5 million sites, from nearly 14,000 IP addresses since May 23, 2023, and attacks are ongoing."
News URL
https://thehackernews.com/2023/05/barracuda-warns-of-zero-day-exploited.html
Related news
- PostgreSQL flaw exploited as zero-day in BeyondTrust breach (source)
- Australian fertility services giant Genea hit by security breach (source)
- Drug-screening biz DISA took a year to disclose security breach affecting millions (source)
- URGENT: Microsoft Patches 57 Security Flaws, Including 6 Actively Exploited Zero-Days (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)
- There are 10,000 reasons to doubt Oracle Cloud's security breach denial (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-05-24 | CVE-2023-2868 | Command Injection vulnerability in Barracuda products A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. | 9.8 |