Urgent FBI Warning: Barracuda Email Gateways Vulnerable Despite Recent Patches

23-Aug-23

The U.S. Federal Bureau of Investigation (FBI) has issued a warning that Barracuda Networks Email Security Gateway (ESG) appliances remain at risk of compromise by alleged Chinese hacker groups despite having been patched against a newly reported serious flaw. Versions 5.1.3.001 through 9.2.0.006 are affected. The flaw is a remote command injection vulnerability that enables unauthorized execution of system commands on the ESG product with administrator rights.



The updates were likewise rated “ineffective” by the company, which added that it “continues to observe active intrusions and considers all affected Barracuda ESG appliances to be compromised and vulnerable to this exploit.” The zero-day flaw, tracked as CVE-2023-2868 with a CVSS score of 9.8, is rumored to have been weaponized as early as October 2022, more than seven months before the security hole was patched.
