Barracuda’s Email Security Breached: Zero-Day Flaw Puts Users at Risk

May 26, 2023 | News


Barracuda, a prominent provider of email protection and network security services, has issued a warning to its users regarding a zero-day vulnerability that has been actively exploited to compromise the company’s Email Security Gateway (ESG) appliances.

Zero-day vulnerability (CVE-2023-2868)

Tracked as CVE-2023-2868, the zero-day flaw is classified as a remote code injection vulnerability impacting versions 5.1.3.001 through 9.2.0.006 of the ESG software. Barracuda has identified the root cause of the issue, which lies in a component responsible for screening incoming email attachments.

According to the National Institute of Standards and Technology's (NIST) National Vulnerability Database, the flaw stems from a failure to properly sanitize the processing of .tar files: incomplete input validation of the file names inside a user-supplied .tar archive allows remote attackers to execute system commands through Perl's qx operator with the privileges of the Email Security Gateway product.
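As an added illustration of the root cause NIST describes (archive member names reaching a shell via qx), the following defender-side validator is example code, not Barracuda's own, written in Python rather than Perl; the allowlist pattern, verdict names and sample file names are assumptions.

```python
import io
import re
import tarfile

# Strict allowlist for archive member names (assumed policy): anything outside
# this set is rejected before the name could ever be interpolated into a command.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,254}$")

# Characters a shell would interpret if a name were spliced into a command
# string, which is the qx-style interpolation the advisory describes.
SHELL_META = set("`$;&|<>()\"' \t\n\\*?[]{}~!#")


def classify_name(name: str) -> str:
    """Return 'ok', 'traversal', 'metachar' or 'disallowed' for one member name."""
    if name.startswith("/") or ".." in name.split("/"):
        return "traversal"
    if any(c in SHELL_META for c in name):
        return "metachar"
    if not SAFE_NAME.fullmatch(name):
        return "disallowed"
    return "ok"


def scan_tar(data: bytes) -> dict:
    """Read only the tar headers and classify every member name.
    Nothing is extracted and no name is ever passed to a shell."""
    report = {}
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for member in tar.getmembers():
            report[member.name] = classify_name(member.name)
    return report


def build_sample_tar(names) -> bytes:
    """Constructed sample archive for testing: one empty file per name."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for n in names:
            info = tarfile.TarInfo(name=n)
            info.size = 0
            tar.addfile(info)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_tar(["report.pdf", "notes`date`.txt", "a;b.doc", "résumé.pdf"])
    for name, verdict in scan_tar(sample).items():
        print(f"{verdict:10} {name}")
```

Rejecting names on inspection is only a first line of defence; the durable fix is to never build a shell command string from attacker-controlled data at all.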


Barracuda detected this vulnerability on May 19, 2023, and promptly released a patch for all ESG devices worldwide the following day. As part of its containment strategy, the company also issued a second fix on May 21. During their investigation, Barracuda discovered evidence of active exploitation of CVE-2023-2868, resulting in unauthorized access to a subset of email gateway appliances.

While the company has directly contacted affected users and provided remedial actions, the full scale of the attack has not been disclosed. Barracuda has urged all customers to review their environments and continues to actively monitor the situation.

At present, the identity of the threat actors behind the attack remains unknown. However, it is worth noting that Chinese and Russian hacking groups have recently been observed deploying customized malware on vulnerable devices from Cisco, Fortinet, and SonicWall.

In a separate development, cybersecurity firm Defiant has highlighted a large-scale exploitation of a previously patched cross-site scripting (XSS) vulnerability in the Beautiful Cookie Consent Banner plugin used on more than 40,000 websites. This vulnerability allows unauthenticated attackers to inject malicious JavaScript code, potentially leading to redirects to malicious advertising sites and the creation of rogue admin users, resulting in complete takeovers of affected websites.

Defiant reported blocking nearly 3 million attacks from almost 14,000 IP addresses against over 1.5 million sites since May 23, 2023, and the attacks are ongoing. This underscores the importance of promptly updating and securing website plugins to mitigate potential risks.

Source: bleepingcomputer.com
