Barracuda ESG Appliances Breached Through Zero-Day Vulnerability

May 24, 2023

Barracuda Networks, a provider of network security solutions, recently alerted customers to a breach in some of its Email Security Gateway (ESG) appliances. The breach was caused by threat actors exploiting a zero-day vulnerability, identified as CVE-2023-2868, which has now been patched. The vulnerability was located in the module responsible for screening email attachments and was discovered on May 19. Barracuda promptly addressed the issue by releasing security patches on May 20 and 21.

The company's advisory stated, “Barracuda identified a vulnerability (https://nvd.nist.gov/vuln/detail/CVE-2023-2868) in our Email Security Gateway appliance (ESG) on May 19, 2023. A security patch to eliminate the vulnerability was applied to all ESG appliances worldwide on Saturday, May 20, 2023.” The advisory further explained that “The vulnerability existed in a module which initially screens the attachments of incoming emails.”

This issue could have far-reaching consequences as the affected ESG appliances are utilized by hundreds of thousands of organizations around the globe, including several high-profile businesses. Barracuda has clarified that the vulnerability does not impact its other products and that its SaaS email security services remain unaffected.

Upon investigating the flaw, the company discovered that it was exploited to target a specific subset of email gateway appliances. Barracuda used the ESG user interface to notify the customers whose appliances it believes were impacted. The advisory continued, “Based on our investigation to date, we’ve identified that the vulnerability resulted in unauthorized access to a subset of email gateway appliances. Users whose appliances we believe were impacted have been notified via the ESG user interface of actions to take. Barracuda has also reached out to these specific customers.”

It is important to note that Barracuda's investigation was limited to its ESG product and did not extend to the customers' specific environments. The company recommends that impacted organizations review their networks to determine if other systems were compromised by the attackers.
