Barracuda discloses zero-day vulnerability

Target Industry

Indiscriminate, opportunistic targeting.

Overview

Barracuda Networks has disclosed a zero-day vulnerability, tracked as CVE-2023-2868 (CVSSv3 score 9.4, Critical), that has been exploited against Barracuda Email Security Gateway (ESG) appliances. At the time of writing, the vulnerability is known to exist within the module that screens the attachments of incoming emails.

CVE-2023-2868 is a remote command injection flaw caused by a failure to comprehensively sanitise the processing of ‘.tar’ (tape archive) files: specifically, the names of the files contained within a user-supplied archive are not fully validated before they are processed.

At the time of writing, Barracuda has contacted impacted users directly with a set of recommended actions.

Impact

Successful exploitation of CVE-2023-2868 has resulted in threat actors gaining unauthorised access to ESG appliances. Because the flaw stems from incomplete validation of the file names inside a user-supplied ‘.tar’ file, a remote threat actor can craft an archive whose member names cause a system command to be executed through Perl’s qx operator, with the privileges of the ESG product. The crafted archive only needs to reach the appliance as an email attachment to an address it scans, so no authentication or prior access is required.
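To make the failure mode concrete, the following added example (not Barracuda’s code, and not taken from the advisory) models the pattern described above in Python: a tar member name is interpolated into a command string that a shell parses, the way a variable interpolated into Perl’s qx{...} would be. The extraction directory, the scanner name and the archive contents are invented for the illustration; the vulnerable command is only built and tokenised, never executed. The hardened form applies an allowlist to member names and passes the name as a separate argv element, which is the equivalent of Perl’s list-form system().

```python
"""Models the CVE-2023-2868 pattern: an archive member name interpolated into a
shell command. Added example, not Barracuda code; paths and names are invented."""
import io
import re
import shlex
import tarfile

# Hypothetical extraction directory and scanner binary (assumptions, not from the advisory).
EXTRACT_DIR = "/tmp/extract"
SCANNER = "scan_attachment"

# Conservative allowlist for member names: portable filename characters, relative paths only.
SAFE_NAME = re.compile(r"^[A-Za-z0-9._-]+(?:/[A-Za-z0-9._-]+)*$")


def build_archive(member_names):
    """Build a tar archive in memory whose members carry the given names.
    Constructed test input: the member contents are irrelevant to the bug."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in member_names:
            data = b"placeholder"
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def vulnerable_command(member_name):
    """The flawed pattern: the attacker-controlled name is pasted into a command
    string that a shell will parse, as Perl's qx{...} does when a variable is
    interpolated. Returned as a string so this example never executes it."""
    return f"cat '{EXTRACT_DIR}/{member_name}' | {SCANNER}"


def shell_would_run(command):
    """Tokenise a command string the way a POSIX shell would and split it into the
    separate simple commands the shell would execute (on ';', '|', '&', '&&', '||')."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    commands, current = [], []
    for token in lexer:
        if token in (";", "|", "&", "&&", "||"):
            if current:
                commands.append(current)
            current = []
        else:
            current.append(token)
    if current:
        commands.append(current)
    return commands


def is_safe_member_name(name):
    """Allowlist check applied before a member name reaches any command or path:
    portable characters only, relative path, and no '..' component."""
    return bool(SAFE_NAME.match(name)) and ".." not in name.split("/")


def hardened_command(member_name):
    """Hardened pattern: validate the name, then pass it as its own argv element so
    no shell ever parses it (the equivalent of Perl's list-form system()).
    Raises ValueError instead of building a command for a rejected name."""
    if not is_safe_member_name(member_name):
        raise ValueError(f"rejected archive member name: {member_name!r}")
    return [SCANNER, f"{EXTRACT_DIR}/{member_name}"]


def scan_archive(archive_bytes):
    """Walk the member names the way an attachment-screening module would and
    report which names the allowlist accepts and which it rejects."""
    accepted, rejected = [], []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r") as tar:
        for name in tar.getnames():
            (accepted if is_safe_member_name(name) else rejected).append(name)
    return accepted, rejected


if __name__ == "__main__":
    # A benign member next to a constructed member name carrying shell metacharacters.
    archive = build_archive(["report.pdf", "x'; id; echo '"])
    for name in tarfile.open(fileobj=io.BytesIO(archive)).getnames():
        print(repr(name), "->", shell_would_run(vulnerable_command(name)))
    print("accepted/rejected:", scan_archive(archive))
```

For the benign name the shell would run exactly the intended two-stage pipeline; for the crafted name it would run `id` as a separate command before the scanner is ever reached, which is the qx injection in miniature. The allowlist rejects the crafted name (and any absolute or `..` path) before it can be used, and the argv form removes the shell from the path entirely.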

Affected Products

– Barracuda Email Security Gateway appliances

Containment, Mitigations & Remediations

Barracuda has investigated the issue affecting the ESG product. It was remediated by the BNSF-36456 patch, which was applied automatically to all client appliances. Organisations should confirm that their appliances actually received the patch rather than assume it, since an appliance that was offline or otherwise unable to reach the update service will not have been fixed.

Because the patch removes the vulnerability but does not undo any prior compromise, it is strongly recommended that impacted organisations inspect their environments to ensure that threat actors have not pivoted laterally to additional systems on the network, and that they rotate any credentials the appliance holds or has access to (such as LDAP/AD bind accounts, mail-relay and connected-service credentials, and TLS private keys), since a compromised gateway exposes all of them.

Indicators of Compromise

No specific Indicators of Compromise (IoCs) are available at the time of writing.

Threat Landscape

Barracuda holds a significant share of the network-security appliance market, and its security solutions are used by more than 200,000 organisations worldwide, including high-profile companies such as Mitsubishi, Samsung and Delta Airlines. Since threat actors generally weigh the probability of success against the value of the asset when choosing which attack surfaces to focus on, Barracuda products are a prime target: an email gateway sits in the inbound mail path, processes untrusted content from the internet by design, and holds credentials for the directory and mail infrastructure behind it. Because such products have become integral to business operations, threat actors will continue to exploit vulnerabilities in them to reach the sensitive information they process and the networks they are connected to.

Threat Group

No attribution to specific threat actors or groups has been identified at the time of writing.

Mitre Methodologies

Common Weakness Enumeration:

CWE-20 – Improper Input Validation

Further Information

Barracuda Advisory
