Security News > 2023 > June > Replace Barracuda ESG appliances, company urges
Barracuda Networks is urging customers running phyisical Email Security Gateway appliances to replace them immediately, "Regardless of patch version level."
Barracuda has identified a critical vulnerability in their ESG appliances on May 19, 2023, and pushed a patch to them all on the following day.
On May 21, "a script was deployed to all impacted appliances to contain the incident and counter unauthorized access methods."
The remote command injection vulnerability affected versions 5.1.3.001 to 9.2.0.006 of the physical appliance and was being exploited by attackers in the wild, "To obtain unauthorized access to a subset of ESG appliances."
Barracuda initially advised customers to rotate any credentials connected to the ESG appliance and promised to replace the affected device.
The company issued an urgent action notice, prompting all affected customers to replace their impacted ESG appliances as soon as possible.
News URL
https://www.helpnetsecurity.com/2023/06/09/replace-barracuda-esg-appliances/