DigitalXRAID

Threat Intelligence: Barracuda Zero-Day Vulnerability 

Threat Intelligence from DigitalXRAID’s Security Operations Centre analysts: 

Barracuda have disclosed that their Email Security Gateway has been exploited.  

The remote command injection vulnerability arises from incomplete input validation of user-supplied tape archives (.tar files). The names of the files inside the archive are not properly sanitised, so they can be specifically formatted to allow remote command execution through Perl’s qx operator with the privileges of the Email Security Gateway product.
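For teams that want to triage .tar attachments themselves, the following added example (not Barracuda's or DigitalXRAID's code) lists the member names of an archive without extracting anything and flags names containing shell metacharacters. The function names, the metacharacter list and the sample archive are assumptions constructed for illustration.

```python
import io
import tarfile

# Characters a shell would interpret if a member name reached a command line
# unsanitised (assumed list for this example, not taken from the advisory).
SHELL_META = set("`$;|&<>(){}\\'\"\n\r")


def scan_tar(tar_bytes):
    """Return (verdict, findings); findings are (member name, metacharacters)."""
    findings = []
    try:
        with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as archive:
            for member in archive:  # reads headers only, nothing is extracted
                hits = sorted(set(member.name) & SHELL_META)
                if hits:
                    findings.append((member.name, hits))
    except (tarfile.TarError, EOFError, OSError):
        # Fail closed: an archive that cannot be parsed is not treated as clean.
        return "unreadable", []
    return ("suspicious" if findings else "clean"), findings


def build_sample_tar(names):
    """Build an in-memory tar with the given member names (constructed data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as archive:
        for name in names:
            data = b"sample"
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            archive.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed member names: one ordinary, two with shell metacharacters.
    sample = build_sample_tar([
        "invoice.pdf",
        "report `echo constructed`.txt",
        "notes$(echo constructed).txt",
    ])
    verdict, findings = scan_tar(sample)
    print("verdict:", verdict)
    for name, chars in findings:
        print(f"flagged: {name!r} metacharacters={chars}")
```

A check like this supports triage and retrospective hunting over stored attachments; it does not replace applying the vendor patch.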

Read more about the CVE detail here: CVE-2023-2868 

The CVSS (Common Vulnerability Scoring System) Severity Score has been rated as: 9.4

Barracuda released patches for this vulnerability on May 20th and 21st for their Email Security Gateway appliance. The affected versions are 5.1.3.001 through 9.2.0.006.

A small subset of Email Security Gateway appliances were accessed by threat actors, and three different malware strains have been discovered – Saltwater, Seaspy and Seaside.

Organisations who have been impacted by this have been contacted by Barracuda directly. No other Barracuda products were affected. 

DigitalXRAID’s Security Analyst team recommend making sure that your Barracuda appliance is running the latest version and that the patch has been applied to your systems. The patch should have been applied automatically. If any credentials associated with the ESG appliance have been reused, these should be changed ASAP.

If you discover that you’ve suffered a breach as a result of this or any other vulnerability, and need help urgently, get in contact with us. You can call our emergency line on 0800 066 4509 to speak to one of our experts. They’re available 24 hours a day, 7 days a week. Bookmark this page in case you ever need us.      

If you need any support in mitigating any risks this vulnerability may have on your business, please don’t hesitate to get in contact. 
