Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Barracuda now says you'll have to replace your ESG device right away

data privacy

Barracuda has announced that its vulnerable Email Security Gateway (ESG) appliances should now be replaced immediately. 

Despite releasing a patch for a high-severity zero-day vulnerability found roughly a week ago, the email and network security firm's new advice suggests that affected devices are in fact beyond help.

The company updated its initial security advisory earlier this week to: "Impacted ESG appliances must be immediately replaced regardless of patch version level... Barracuda's remediation recommendation at this time is full replacement of the impacted ESG."

Three malware families

The company also says that it has notified all affected customers already. Those who are yet to replace their gear should contact the company via support@barracuda.com as soon as possible. 

Early last week, reports circulated of hackers exploiting a zero-day vulnerability in Barracuda’s ESGs over several months, targeting countless organizations with different malware. The zero-day is tracked as CVE-2023-2868, found in ESGs versions between 5.1.3.001 and 9.2.0.006.

According to the National Vulnerability Database, the flaw is a remote command injection vulnerability arising as the appliance fails to comprehensively sanitize the processing of .tar files (tape archives). In other words, formatting file names in a specific way allows the attackers to execute system commands. 

Initially, Barracuda said it spotted three malware families being distributed via the zero-day: Saltwater, Seaside, and Seaspy. These three allow threat actors to download and upload files, run commands, establish persistence, and establish a reverse shell. 

The patch was published on May 20. Advise to Affected businesses included rotating ESG appliance credentials where possible, including any connected LDAP/AD, Barracuda Cloud Control, FTP Server, SMB, and any private TLS certificates. 

More than 200,000 organizations are using Barracuda’s products, the company claims. Some of its clients include Samsung, Delta Airlines, Mitsubishi, and others.

Via: BleepingComputer

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.