Barracuda Security Update – 31 May 2023

Barracuda has released a security update to address a zero-day vulnerability affecting Email Security Gateway (ESG) appliance versions 5.1.3.001-9.2.0.006.

The addressed vulnerability could allow a remote attacker to attach a specially crafted TAR archive file to an email, execute arbitrary code on the system with the privileges of the Email Security Gateway product, and gain unauthorized access to the affected system.

The addressed vulnerability:

Barracuda Email Security Gateway Command Execution (CVE-2023-2868):

  • CVSS: 9.4
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Consequences: Gain Access

The addressed vulnerability is being actively exploited in the wild by many threat actors to deploy their malware.

Vulnerabilities

CVE-2023-2868

Mitigations

The enterprise should deploy this patch as soon as the testing phase is completed.

Barracuda Security Update
