
Barracuda Alerts Zero-Day Exploited to Breach Email Security Gateway Equipment


May 26, 2023 | Ravie Lakshmanan | Email Security / Zero Day

Email protection and network security services provider Barracuda is warning users about a zero-day vulnerability that it said has been exploited to breach the company's Email Security Gateway (ESG) appliances.

The zero-day, tracked as CVE-2023-2868, has been described as a remote command injection vulnerability affecting versions 5.1.3.001 through 9.2.0.006.

The California-headquartered company said the problem is rooted in a component that screens the attachments of incoming emails.

"The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar files (tape archives)," according to an advisory from the NIST National Vulnerability Database.

"The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl's qx operator with the privileges of the Email Security Gateway product."
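The pattern the advisory describes is a file name taken straight out of an archive and interpolated into a shell command line. The following is an added example, written in Python rather than Perl and not Barracuda's code: `subprocess.run(..., shell=True)` stands in for Perl's `qx{...}`, `echo` stands in for the real attachment scanner, and the archive, its member names and the allowlist regex are all constructed for illustration. It builds a tar whose member name carries a shell metacharacter, shows the injected command running through the shell-interpolating path, and shows the hardened path rejecting the name and never handing it to a shell.

```python
import io
import re
import subprocess
import tarfile

# Allowlist for archive member names (an assumption for this example): a
# conservative character set and a bounded length. Anything outside it is
# rejected before any external command runs.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,254}$")


def build_archive(member_names):
    """Constructed sample input: an in-memory .tar whose member names are
    attacker-controlled, exactly as an inbound attachment's would be."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in member_names:
            payload = b"attachment body\n"
            info = tarfile.TarInfo(name=name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


def member_names(archive_bytes):
    """Read the file names out of the archive; these are the untrusted input."""
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r") as tar:
        return [m.name for m in tar.getmembers()]


def scan_unsafe(name):
    """Vulnerable pattern: the name is interpolated into a command string that
    /bin/sh parses, the Python analogue of Perl's qx{scanner $name}. A ';' or
    backtick in the name lets it carry its own command."""
    cmd = f"echo scanning {name}"  # 'echo' stands in for a real scanner
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def scan_safe(name):
    """Hardened pattern: validate the name against the allowlist, then pass it
    as a separate argv element so no shell ever parses it. Returns None when
    the member is rejected (a real gateway would quarantine the message)."""
    if not SAFE_NAME.match(name):
        return None
    return subprocess.run(["echo", "scanning", name],
                          capture_output=True, text=True).stdout


def demo():
    """Run both handlers over a benign name and an injected one; returns
    {name: (unsafe_output, safe_output)}."""
    archive = build_archive(["invoice.pdf", "report.pdf;echo INJECTED"])
    return {n: (scan_unsafe(n), scan_safe(n)) for n in member_names(archive)}


if __name__ == "__main__":
    for name, (unsafe, safe) in demo().items():
        print(f"{name!r}: shell path -> {unsafe!r} | hardened path -> {safe!r}")
```

The injected member makes the shell path print a second line, `INJECTED`, that the scanner never asked for; with a real payload that line would be whatever command the attacker chose, running with the scanner's privileges. The hardened path fixes both halves of the bug named in the advisory: the name is validated before use, and even a name that passed validation is never parsed by a shell because it travels as its own argv element.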

The flaw, Barracuda said, was identified on May 19, 2023, prompting the company to deploy a patch to all ESG appliances worldwide a day later. A second fix was released on May 21 as part of its "containment strategy."

The company's investigation also uncovered evidence of active exploitation of CVE-2023-2868, which resulted in unauthorized access to "a subset of email gateway appliances."

The company, which has more than 200,000 customers globally, did not disclose the scale of the attack. It said affected users have been contacted directly with a list of remedial actions to take.

Barracuda has also urged customers to review their environments, adding that it is still actively monitoring the situation.


The identity of the threat actor behind the attack is currently unknown, but Chinese and Russian hacker groups have been observed deploying bespoke malware on vulnerable Cisco, Fortinet, and SonicWall devices in recent months.

The development comes as Defiant warns of mass exploitation of a now-patched cross-site scripting (XSS) flaw in a WordPress plugin called Beautiful Cookie Consent Banner (CVSS score: 7.2) that is installed on more than 40,000 sites.

The vulnerability allows unauthenticated attackers to inject malicious JavaScript into affected sites, which could be used to redirect visitors to malvertising sites or to create rogue administrator accounts, resulting in full site takeover.

The WordPress security company said it has "blocked nearly 3 million attacks against more than 1.5 million sites, from nearly 14,000 IP addresses since May 23, 2023, and attacks are ongoing."
