25 May 2023

Barracuda’s email gateway appliances breached via zero-day bug


Barracuda’s email gateway appliances breached via zero-day bug

Barracuda, a provider of email and network security solutions, has warned its customers that some of its Email Security Gateway (ESG) appliances have been compromised using a zero-day vulnerability in one of the modules.

Tracked as CVE-2023-2868, the flaw is an OS command injection issue that can be exploited by a remote hacker to execute arbitrary Perl commands on the target system.

The vulnerability was identified on May 19 and a security patch to address the bug was applied to all ESG appliances worldwide on May 20, 2023, the vendor said.

The vulnerability resided in a module which initially screens the attachments of incoming emails. Other Barracuda’s products, including SaaS email security services, are not affected, the company assured.

”We took immediate steps to investigate this vulnerability. Based on our investigation to date, we’ve identified that the vulnerability resulted in unauthorized access to a subset of email gateway appliances,” the vendor said, without disclosing any additional details regarding attacks on its equipment.

“Users whose appliances we believe were impacted have been notified via the ESG user interface of actions to take. Barracuda has also reached out to these specific customers.”


Back to the list

Latest Posts

Free VPN provider SuperVPN exposes 360 million user records

Free VPN provider SuperVPN exposes 360 million user records

In total, 133GB of sensitive data including user email addresses, original IP addresses, and geolocation information is said to have been exposed in the leak.
29 May 2023
Cyber security week in review: May 26, 2023

Cyber security week in review: May 26, 2023

The world in brief: New ICS malware discovered, hacktivists expose Russian hacker wanted in the US, Pegasus spyware found in Armenia and Azerbaijan, and more.
26 May 2023
Barracuda’s email gateway appliances breached via zero-day bug

Barracuda’s email gateway appliances breached via zero-day bug

The vulnerability resided in a module which initially screens the attachments of incoming emails.
25 May 2023