Barracuda ESG Appliances Breached Through Zero-Day Vulnerability
May 24, 2023
Barracuda Networks, a provider of network security solutions, recently alerted customers to a breach in some of its Email Security Gateway (ESG) appliances. The breach was caused by threat actors exploiting a zero-day vulnerability, identified as CVE-2023-2868, which has now been patched. The vulnerability was located in the module responsible for screening email attachments and was discovered on May 19. Barracuda promptly addressed the issue by releasing security patches on May 20 and 21.
The company's advisory stated, “Barracuda identified a vulnerability (https://nvd.nist.gov/vuln/detail/CVE-2023-2868) in our Email Security Gateway appliance (ESG) on May 19, 2023. A security patch to eliminate the vulnerability was applied to all ESG appliances worldwide on Saturday, May 20, 2023.” The advisory further explained that “The vulnerability existed in a module which initially screens the attachments of incoming emails.”
This issue could have far-reaching consequences as the affected ESG appliances are utilized by hundreds of thousands of organizations around the globe, including several high-profile businesses. Barracuda has clarified that the vulnerability does not impact its other products and that its SaaS email security services remain unaffected.
Upon investigating the flaw, the company discovered that it was exploited to target a specific subset of email gateway appliances. Barracuda notified the customers whose appliances it believes were impacted through the ESG user interface. The advisory continued, “Based on our investigation to date, we’ve identified that the vulnerability resulted in unauthorized access to a subset of email gateway appliances. Users whose appliances we believe were impacted have been notified via the ESG user interface of actions to take. Barracuda has also reached out to these specific customers.”
It is important to note that Barracuda's investigation was limited to its ESG product and did not extend to the customers' specific environments. The company recommends that impacted organizations review their networks to determine if other systems were compromised by the attackers.