Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868)
Affected product: Barracuda ESG
Impact: Despite the vulnerability, only about 5% of vulnerable devices were compromised. The attacker chose targets selectively, mainly US government email servers.
CVE-ID: CVE-2023-2868
Disclosure date: 20230523
Recommended action: Brick the box and get a new one; be extra careful when restoring the configuration.
Noteworthy: Barracuda recommends that customers replace their existing boxes and provides new ones. Patching alone is not sufficient, as the exploit will be reinstalled (apparently from the backup).
References
Barracuda Email Security Gateway Appliance (ESG) Vulnerability
Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor
Barracuda Networks Releases Update to Address ESG Vulnerability
Barracuda thought it drove 0-day hackers out of customers’ networks. It was wrong.
CISA Releases Malware Analysis Reports on Barracuda Backdoors