4 matches found
FBI confirms Barracuda patch is not effective for exploited ESG appliances
In an FBI Flash about a Barracuda ESG vulnerability, listed as CVE-2023-2868, the FBI has stated that the patches released by Barracuda in response to this CVE were ineffective for anyone previously infected. Although both Barracude and Mandiant have already made this determination, the agency sa...
Barracuda Email Security Gateway < 9.2.0.008 Command Injection (CVE-2023-2868)
According to its self-reported version, the Barracuda Email Security Gateway on the remote web server is 9.2.0.008. It is, therefore, affected by a command injection vulnerability in the processing of .tar files that could allow a remote, unauthenticated attacker to execute arbitrary commands wit...
CVE-2023-2868: Total Compromise of Physical Barracuda ESG Appliances
Rapid7 incident response teams are investigating exploitation of physical Barracuda Networks Email Security Gateway ESG appliances dating back to at least November 2022. As of June 6, 2023, as part of an ongoing product incident response, Barracuda is urging ESG customers to immediately...
Barracuda Urges Immediate Replacement of Hacked ESG Appliances
Enterprise security company Barracuda is now urging customers who were impacted by a recently disclosed zero-day flaw in its Email Security Gateway ESG appliances to immediately replace them. "Impacted ESG appliances must be immediately replaced regardless of patch version level," the company sai...