Barracuda Networks, an information security company, has warned customers affected by the recently detected zero-day vulnerability in its Email Security Gateway (ESG) appliances to replace them immediately. The company stated that affected ESG appliances should be replaced immediately, regardless of firmware version. The current remediation recommendation is full replacement of the affected ESG appliance.
Earlier this year, in October 2022, Barracuda reported that the recently patched zero-day vulnerability in the Email Security Gateway (ESG) was exploited by attackers to compromise devices. The critical vulnerability, CVE-2023-2868, was actively exploited for at least 7 months before its discovery to gain unauthorized access to a subset of ESG appliances and steal data from them.
The vulnerability, discovered by Barracuda on May 19, 2023, affects versions 5.1.3.001 through 9.2.0.006 and can allow a remote attacker to execute code on vulnerable devices. Barracuda issued patches on May 20 and 21.
According to the latest reports, at least three different malware strains have been found in use in the attacks. All of them are able to download or upload arbitrary files, execute commands, establish persistence, and open reverse shells to an attacker's server.
The exact scale of the incident is still unknown. CISA recommended that federal agencies apply the patches by June 16, 2023. Customers who have any concerns are advised to contact Barracuda for further advice and a replacement.