Barracuda discloses critical zero-day flaw affecting ESG appliances
Take action: If you've left your house door open, you don't just lock it. You check every room for intruders and stolen things. In this advisory, patch fast but also take the time to check your systems and network for intrusion.
Learn More
Barracuda Networks has revealed a zero-day vulnerability on certain email gateway appliances. The vulnerability is exploited by malicious actors in the wild.
Barracuda Networks discovered the flaw on May 19 and promptly released patches on May 20 and 21 to address the issue. The vulnerability, known as CVE-2023-2868, was found in a module responsible for screening incoming email attachments.
Barracuda Networks clarified that this flaw only affected their email security gateway (ESG) product and assured that no other products were susceptible. The vulnerability is an input validation problem for user-supplied TAR files, potentially allowing unauthorized individuals to gain remote access.
The users of ESG sustems were notified through the ESG user interface, providing instructions on necessary actions. Impacted customers were advised to review their setups and consider any additional measures within their networks since they may have already been compromised.
