Threat Intelligence: Barracuda Zero-Day Vulnerability
Threat Intelligence from DigitalXRAID’s Security Operations Centre analysts:
Barracuda have disclosed that their Email Security Gateway has been exploited.
The remote command injection vulnerability stems from incorrect sanitising of tape archives (.tar files): input validation of a user-supplied .tar file is incomplete, so the file names inside the archive can be specially formatted to achieve remote command execution through Perl’s qx operator, running with the privileges of the Email Security Gateway product.
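As an added illustration of the flaw described above (this is not Barracuda’s code or DigitalXRAID’s), the Python check below reads only the member headers of a user-supplied .tar archive and flags any entry whose name contains shell metacharacters, which is exactly the property that makes unescaped interpolation into Perl’s qx dangerous. The archive is constructed inline as sample data, and the helper names `SHELL_META`, `scan_tar_names` and `build_sample_tar` are assumptions for this example.

```python
import io
import re
import tarfile

# Characters that /bin/sh (which Perl's qx// hands its string to) would
# interpret as syntax rather than as part of a filename.
SHELL_META = re.compile(r"[`$;|&<>\n()\\'\"]")


def scan_tar_names(data: bytes) -> list[tuple[str, str]]:
    """Return (member_name, reason) for each entry whose name is unsafe to
    pass through a shell or that escapes the extraction directory.
    Only headers are parsed; member contents are never extracted."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for member in tar:
            name = member.name
            if SHELL_META.search(name):
                findings.append((name, "shell metacharacter in entry name"))
            elif name.startswith("/") or ".." in name.split("/"):
                findings.append((name, "absolute or traversing path"))
    return findings


def build_sample_tar() -> bytes:
    """Constructed test archive: two ordinary members plus one whose name
    carries backticks around a harmless placeholder token."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("report.txt", "docs/readme.md", "invoice`placeholder`.pdf"):
            info = tarfile.TarInfo(name=name)
            payload = b"sample"
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


if __name__ == "__main__":
    for flagged, reason in scan_tar_names(build_sample_tar()):
        print(f"FLAG {flagged!r}: {reason}")
```

The lasting fix on the processing side is never to build a shell command string from archive-derived names at all; pass them as discrete arguments to the program that needs them.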
Read more about the CVE detail here: CVE-2023-2868
The CVSS (Common Vulnerability Scoring System) Severity Score has been rated as: 9.4
Barracuda released patches for this vulnerability on May 20th and 21st for their Email Security Gateway appliance; the affected versions are 5.1.3.001 through 9.2.0.006.
A small subset of Email Security Gateway appliances were accessed by threat actors, and three different malware strains have been discovered – Saltwater, Seaspy and Seaside.
Organisations that have been impacted by this have been contacted by Barracuda directly. No other Barracuda products were affected.
DigitalXRAID’s Security Analyst team recommend making sure that your Barracuda ESG appliance is running the latest version and that the patch has been applied to your systems. This should have been applied automatically. If any credentials associated with the ESG appliance have been reused elsewhere, they should be changed as soon as possible.
If you discover that you’ve suffered a breach as a result of this or any other vulnerability, and need help urgently, get in contact with us. You can call our emergency line on 0800 066 4509 to speak to one of our experts. They’re available 24 hours a day, 7 days a week. Bookmark this page in case you ever need us.
If you need any support in mitigating any risks this vulnerability may have on your business, please don’t hesitate to get in contact.