Barracuda discloses zero-day vulnerability
Target Industry
Indiscriminate, opportunistic targeting.
Overview
Barracuda Networks disclosed a zero-day security vulnerability, tracked as CVE-2023-2868 (CVSSv3 Score 9.4 – Critical). The vulnerability has been exploited against Barracuda Email Security Gateway (ESG) appliance clients. At the time of writing, the vulnerability is known to exist within a module which screens the attachments of incoming emails.
CVE-2023-2868 is a remote command injection flaw that stems from incomplete sanitisation of user-supplied ‘.tar’ files during processing.
As of the time of writing, Barracuda has reached out to impacted users with a set of recommended actions.
Impact
Successful exploitation of CVE-2023-2868 has resulted in threat actors gaining unauthorised access to email gateway appliances. Because the vulnerability stems from incomplete input validation of a user-supplied ‘.tar’ file, a remote threat actor can craft such a file so that a system command is executed through Perl’s qx operator with the privileges of the ESG product.
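The weakness class the advisory describes (CWE-20 leading to command injection through Perl’s qx) is easiest to recognise side by side with its fix. The following is an added illustration written for this page, not Barracuda’s code and not a reproduction of the actual ESG module: it shows the general anti-pattern of interpolating attacker-influenced strings into qx, next to a hardened version that avoids the shell entirely and allow-lists archive member names before they are used. The function names, the archive path and the sample member names are all constructed for the example.

```perl
#!/usr/bin/perl
# Added example (not Barracuda's code): the vulnerable pattern that
# CVE-2023-2868 is described as, shown next to a hardened version.
# Function names, archive path and member names are constructed here.
use strict;
use warnings;

# VULNERABLE PATTERN: an attacker-influenced string is interpolated into
# qx, so the shell parses it and any shell metacharacters in the string
# become part of the command line (this is the CWE-20 failure).
sub list_members_unsafe {
    my ($archive) = @_;
    return qx(tar -tf $archive);   # shell involved: do not do this
}

# Allow-list validator for archive member names: only letters, digits,
# '.', '_', '-' and '/' separators; no leading '/', no '..' components,
# and a length cap. Anything else is rejected outright rather than
# "cleaned", because a partial deny-list is exactly what fails here.
sub is_safe_member_name {
    my ($name) = @_;
    return 0 unless defined $name && length $name && length $name <= 255;
    return 0 unless $name =~ m{\A[A-Za-z0-9._/-]+\z};
    return 0 if $name =~ m{\A/};
    return 0 if grep { $_ eq '..' } split m{/}, $name;
    return 1;
}

# HARDENED PATTERN: run tar through the list form of open(), which
# bypasses the shell entirely, then validate every member name before
# it is handed to anything else (a scanner, a log line, another tool).
sub list_members_safe {
    my ($archive) = @_;
    open(my $fh, '-|', 'tar', '-tf', '--', $archive)
        or die "cannot run tar: $!";
    my @members = map { chomp; $_ } <$fh>;
    close $fh or die "tar failed on $archive (exit " . ($? >> 8) . ")\n";
    for my $m (@members) {
        die "rejected archive member name: $m\n"
            unless is_safe_member_name($m);
    }
    return @members;
}

# Demonstration on constructed member names (no archive required).
for my $name ('report.pdf', 'invoices/2023/q1.csv',
              '../outside.txt', 'note;extra', 'name with space') {
    printf "%-24s %s\n", $name,
        is_safe_member_name($name) ? 'accepted' : 'rejected';
}
```

Two design points matter for reviewers of similar code: the list form of `open` (and of `system`) never invokes a shell, so metacharacters in the argument cannot change the command; and the validator is an allow-list that rejects, not a sanitiser that rewrites, so an unexpected character can never slip through an incomplete substitution.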
Affected Products
– Barracuda Email Security Gateway appliances
Containment, Mitigations & Remediations
Barracuda has investigated the issue pertaining to the ESG product. This issue was remediated as part of the BNSF-36456 patch, which was automatically applied to all client appliances.
As an additional security measure, it is strongly recommended that impacted organisations inspect their environment to ensure that threat actors have not pivoted laterally to additional systems on the network.
Indicators of Compromise
No specific Indicators of Compromise (IoCs) are available currently.
Threat Landscape
Barracuda holds a significant share of the networking-hardware market, and its security solutions are used by more than 200,000 organisations worldwide, including high-profile companies such as Mitsubishi, Samsung and Delta Airlines. Because threat actors generally weigh likelihood of success against asset value when choosing which attack surfaces to focus on, Barracuda products could emerge as a prime target. As such products have become integral to business operations, threat actors will continue to exploit vulnerabilities in them in an attempt to extract the sensitive information they hold.
Threat Group
No attribution to specific threat actors or groups has been identified at the time of writing.
Mitre Methodologies
Common Weakness Enumeration:
– CWE-20 – Improper Input Validation
Further Information