CVE-2023-2868

2023-07-0500:00:00

attackerkb.com

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.961 High

EPSS

Percentile

99.4%

JSON

A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape archives). The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl’s qx operator with the privileges of the Email Security Gateway product. This issue was fixed as part of BNSF-36456 patch. This patch was automatically applied to all customer appliances.

Recent assessments:

ccondon-r7 at January 21, 2024 6:18pm UTC reported:

See the Rapid7 Analysis for a full technical analysis of this vulnerability, including proof-of-concept code.

The vendor’s advisory has now grown to encompass CVE-2023-7102, another zero-day vulnerability in ESG appliances, in addition to the original CVE-2023-2868. Both attacks attributed to “suspected China-nexus actor” UNC4841 by Mandiant, which has multiple analyses available along with IOCs.

Assessed Attacker Value: 5
Assessed Attacker Value: 5Assessed Attacker Value: 4