Barracuda’s Warning of Zero-Day Exploitation: What You Need to Know
Barracuda, a provider of email security and network security services, is alerting consumers to a zero-day vulnerability that it claims has been used to compromise the company’s Email Security Gateway (ESG) equipment.
The remote code injection vulnerability, identified as CVE-2023-2868, has been reported to affect versions 5.1.3.001 through 9.2.0.006.
The company, which has its headquarters in California, claimed that a component that checks incoming emails’ attachments is to blame for the problem.
The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape archives). The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl’s qx operator with the privileges of the Email Security Gateway product.
Advisory from the NIST’s national vulnerability database.
Barracuda stated that the flaw was discovered on May 19, 2023, and that the following day the business internationally patched all ESG devices. On May 21, a second fix was made available as part of the “containment strategy.”
Additionally, the company’s analysis found proof of CVE-2023-2868’s active exploitation, which gave hackers access to a “subset of email gateway appliances.”
The business, which has over 200,000 customers worldwide, kept quiet about the attack’s scope. It said that affected users have been contacted individually and given a list of corrective measures to follow.
Our Readers ALSO READCombating Secrets Sprawl and Urgent Action Required
In addition to advising clients to assess their surroundings, Barracuda said it was still closely watching the situation.
Although the identity of the threat actors responsible for the attack is presently unknown, Chinese and Russian hacker groups have been seen recently using custom malware on SonicWall, Fortinet, and Cisco devices that are prone to attack.
The development occurs as Defiant warns of widespread exploitation of now-fixed cross-site scripting (XSS) vulnerability in the Beautiful Cookie Consent Banner plugin, which is installed on over 40,000 websites and has a CVSS score of 7.2.
It blocked nearly 3 million attacks against more than 1.5 million sites, from nearly 14,000 IP addresses since May 23, 2023, and attacks are ongoing.