The network security solutions provider Barracuda recently warned customers that some of its Email Security Gateway (ESG) appliances were recently breached by threat actors exploiting a now-patched zero-day vulnerability.
The vulnerability, tracked as CVE-2023-2868, resides in the module for email attachment screening, the issue was discovered on May 19 and the company fixed it with the release of two security patches on May 20 and 21.
“Barracuda identified a vulnerability (https://nvd.nist.gov/vuln/detail/CVE-2023-2868) in our Email Security Gateway appliance (ESG) on May 19, 2023. A security patch to eliminate the vulnerability was applied to all ESG appliances worldwide on Saturday, May 20, 2023.” reads the advisory published by the security solutions provider. “The vulnerability existed in a module which initially screens the attachments of incoming emails.”
The issue could have a significant impact because the impacted Email Security Gateway (ESG) appliances are used by hundreds of thousands of organizations worldwide, including several high-profile businesses.
The vulnerability doesn’t impact other Barracuda products, the company states that its SaaS email security services is not affected by this issue.
The company investigated the flaw and discovered that it was exploited to target a subset of email gateway appliances. The company notified via the ESG user interface the customers whose appliances they believe were impacted.
On May 30, 2023, the vendor provided a Preliminary Summary of Key Findings related to its investigation that includes a timeline of events, Indicators of Compromise (IOCs), and recommended actions for impacted customers.
As per the vendor’s statement, the flaw has been exploited in real-world scenarios, with incidents dating back to October 2022 at the very least.
“Earliest identified evidence of exploitation of CVE-2023-2868 is currently October 2022.” reads the update provided by the company.
Threat actors exploited the flaw CVE-2023-2868 to obtain unauthorized access to a subset of ESG appliances. Barracuda, with the support of Mandiant, discovered the issue was exploited to deploy malware on a subset of appliances allowing for persistent backdoor access.
The families of malware employed in the attacks are:
Below are the recommendations for the impacted customers:
(SecurityAffairs – hacking, Barracuda)