Barracuda Email Security Gateway Appliance (ESG) Vulnerability (CVE-2023-2868)

A critical Remote Command Injection vulnerability (CVE-2023-2868) was recently identified in Barracuda Email Security Gateway (appliance form factor only) that would allow an attacker to gain unauthorized access to a subset of ESG appliances.

Barracuda has notified affected customers via the ESG user interface about replacing their ESG appliance.

 

Vulnerabilities

  • Remote Command Injection Vulnerability (CVE-2023-2868)
    • The vulnerability existed in a module that initially screens the attachments of incoming emails. It was utilized to obtain unauthorized access to a subset of ESG appliances, and malware was identified on a subset of appliances allowing for persistent backdoor access.

 

Severity Level

  • Critical

 

Affected Systems

  • Barracuda Email Security Gateway (appliance form factor only): versions 5.1.3.001-9.2.0.006.

 

Remediation

  • Disconnect your ESG immediately.
  • Replace your ESG appliance immediately regardless of patch version level. If you have not replaced your appliance after receiving notice in your UI, please contact your vendor or Barracuda support now (support@barracuda.com).

 


Published on: 31 May 2023