Attackers are exploiting a critical zero-day vulnerability in Barracuda's Email Security Gateway (ESG) appliance. The flaw allows attackers on the network to inject commands. The manufacturer has distributed updates intended to close the gap.
Barracuda's developers explain that the vulnerability lies in the processing of .tar archives: the ESG does not sufficiently validate the file names contained in them, and the software uses those names directly in Perl scripts. Using specially crafted file names in a .tar file, attackers can inject system commands that are executed with the privileges of the ESG software when the archive is processed (CVE-2023-2868, CVSS 9.4, risk "critical").
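As an added illustration of the missing input check the article describes (hypothetical code written for this page, not Barracuda's own), the following inspects a .tar archive's member names against a strict allowlist and reports anything that should never reach a script. The allowlist pattern, the helper names and the sample archive are assumptions constructed for the demo.

```python
import io
import re
import tarfile

# Strict allowlist for archive member names: letters, digits, dot, underscore,
# slash and hyphen. Quotes, backticks, $, ;, |, &, whitespace and control
# characters all fall outside it and are reported. Hypothetical policy, not
# Barracuda's.
SAFE_NAME = re.compile(r"^[A-Za-z0-9._/-]+$")


def unsafe_members(archive_bytes: bytes):
    """Return (name, reason) for every member of a .tar archive whose name
    fails the allowlist or attempts path traversal. Nothing is extracted
    or executed; only the archive index is read."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
        for member in tar.getmembers():
            name = member.name
            if not SAFE_NAME.fullmatch(name):
                findings.append((name, "unexpected characters in name"))
            elif name.startswith("/") or ".." in name.split("/"):
                findings.append((name, "path traversal"))
    return findings


def build_tar(names):
    """Construct a small in-memory .tar archive with the given member names
    (constructed sample input for the demo; each member holds one byte)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            info = tarfile.TarInfo(name=name)
            info.size = 1
            tar.addfile(info, io.BytesIO(b"x"))
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample: two benign names, one with a shell metacharacter,
    # one that tries to climb out of the extraction directory.
    sample = build_tar(["report.txt", "docs/readme.md",
                        "odd$name.txt", "../etc/passwd"])
    for name, reason in unsafe_members(sample):
        print(f"FLAG {name!r}: {reason}")
```

A gateway that applied a check like this before handing names to any interpreter would reject the crafted archives rather than execute what they carry; the same routine is useful for triaging quarantined attachments after the fact.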
Barracuda ESG: Update distributed automatically
Barracuda writes in a status report that the company became aware of the vulnerability on Friday of last week. On Saturday it distributed a security patch to all ESG appliances worldwide, followed by a second update on Sunday to contain the problem.
The investigation revealed that several ESG appliances had already been attacked and that the attackers had gained access to them. The analysis is still ongoing. On appliances that Barracuda classifies as affected by specific attacks, its analysts have placed instructions in the user interface describing which measures to take, and the company has also reached out to those customers directly. Because Barracuda examined only the appliances themselves, affected customers should thoroughly check the rest of their IT environment to determine whether the cybercriminals have already spread further.
IT leaders should check their Barracuda ESG appliance for alerts and verify that the updates have been applied correctly.