
CVE-2023-2868

Published: 24/05/2023 Updated: 01/06/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product, affecting versions 5.1.3.001 through 9.2.0.006. The vulnerability arises from a failure to comprehensively sanitize the processing of .tar files (tape archives). Specifically, input validation of a user-supplied .tar file is incomplete with respect to the names of the files contained within the archive. As a consequence, a remote attacker can format these file names in a particular manner that results in a system command being executed through Perl's qx operator with the privileges of the Email Security Gateway product. This issue was fixed as part of the BNSF-36456 patch, which was automatically applied to all customer appliances.
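The summary above describes the input class at the heart of this CVE: a member name inside an uploaded .tar that is later interpolated into a shell command via Perl's qx. The following is an added example, not Barracuda's code and not the exploit, showing the check a practitioner would want in front of such a code path: parse the archive, apply a strict allowlist to every member name, and reject anything carrying shell metacharacters or path traversal before the name can reach a shell. The archive and the hostile member names are constructed inline for the demo; the regex and the helper names are this example's own assumptions.

```python
"""
Added example (not Barracuda's code): scan a .tar archive for member names
that would be unsafe to interpolate into a shell command, the input class
behind CVE-2023-2868. The demo archive and its member names are constructed
here for illustration; none of it is the real exploit payload.
"""
import io
import re
import tarfile

# Allowlist (an assumption for this example): what a benign attachment name
# inside a tar should look like. Quotes, backticks, $(), ;, |, &, whitespace
# and control characters never match, so they are rejected up front rather
# than escaped later.
SAFE_NAME_RE = re.compile(r"[A-Za-z0-9._/-]{1,255}")


def offending_chars(name: str) -> list[str]:
    """Return the sorted set of characters in `name` outside the allowlist."""
    return sorted({c for c in name if not re.fullmatch(r"[A-Za-z0-9._/-]", c)})


def is_safe_member_name(name: str) -> bool:
    """Strict allowlist check plus a path-traversal guard.

    The regex alone would accept '..' components, so traversal is checked
    separately; absolute paths are rejected as well.
    """
    if not SAFE_NAME_RE.fullmatch(name):
        return False
    if name.startswith("/") or ".." in name.split("/"):
        return False
    return True


def scan_tar(data: bytes) -> tuple[list[str], list[str]]:
    """Return (accepted, rejected) member names for a tar given as bytes.

    tarfile is used for parsing only: nothing is extracted and no name is
    ever handed to a shell. Reject-on-any-failure is the intended policy;
    the caller should refuse the whole archive if `rejected` is non-empty.
    """
    accepted, rejected = [], []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tf:
        for member in tf.getmembers():
            target = accepted if is_safe_member_name(member.name) else rejected
            target.append(member.name)
    return accepted, rejected


def build_sample_tar() -> bytes:
    """Construct a demo archive: one benign name and two metacharacter names.

    The hostile names are placeholders chosen only to exercise the check.
    """
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name in ("report.pdf", "x`hostname`.txt", "a;b|c.txt"):
            info = tarfile.TarInfo(name=name)
            payload = b"demo"
            info.size = len(payload)
            tf.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


if __name__ == "__main__":
    ok, bad = scan_tar(build_sample_tar())
    print("accepted:", ok)
    for name in bad:
        print("rejected:", repr(name), "offending:", offending_chars(name))
```

The design point is allowlisting rather than escaping: the original flaw was not a missing escape for one character but the fact that attacker-controlled names reached a shell at all, so the check refuses anything outside a small safe alphabet, and the processing code should additionally pass names as argv entries rather than building a command string.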

Vulnerable Products

barracuda email_security_gateway_300_firmware

barracuda email_security_gateway_400_firmware

barracuda email_security_gateway_600_firmware

barracuda email_security_gateway_800_firmware

barracuda email_security_gateway_900_firmware

Github Repositories

CVE-2023-2868: Barracuda ESG Command Injection

For full details, read our AttackerKB Analysis.

Usage

Set LHOST and RHOST variables to your listener, then run:

ruby poc_cve_2023_2868.rb <TARGET_IP>

This will spawn a reverse shell.

Recent Articles

Advanced threat predictions for 2024
Securelist • GReAT • 14 Nov 2023

Advanced persistent threats (APTs) are the most dangerous threats, as they employ complex tools and techniques, and often are highly targeted and hard to detect. Amid the global crisis and escalating geopolitical confrontations, these sophisticated cyberattacks are even more dangerous, as there is often more at stake. At Kaspersky’s Global Research and Analysis Team (GReAT), we monitor a number of APT groups, analyze trends and try to anticipate their future developments to keep ahead of the e...

Barracuda tells its ESG owners to 'immediately' junk buggy kit
The Register

That patch we issued? Yeah, it wasn't enough

Barracuda has now told customers to "immediately" replace infected Email Security Gateway (ESG) appliances, even if they have received a patch to fix a critical bug under exploit. The vendor disclosed the remote command injection bug, tracked as CVE-2023-2868, last week; it affects versions 5.1.3.001 to 9.2.0.006 of the ESG appliance range. It can, and has, been abused to run remote commands on targeted equipment and deploy data-stealing spyware on the boxes. Barracuda pushed a pat...

Barracuda gateway attacks: How Chinese snoops keep a grip on victims' networks
The Register

Backdoors detailed, plus CISA releases more IOCs for IT depts to check

Nearly a third of organizations compromised by Chinese cyberspies via a critical bug in some Barracuda Email Security Gateways were government units, according to Mandiant. And, the Google-owned team warned, it's not over yet: "Mandiant assesses that, at the time of writing, a limited number of previously impacted victims remain at risk due to this campaign." By that, Mandiant means Beijing's spies not only broke into a relatively small number of organizations, via the vulnerability CVE-2023-286...

Barracuda Email Security Gateways bitten by data thieves
The Register

Act now: Sea-themed backdoor malware injected via .tar-based hole

A critical remote command injection vulnerability in some Barracuda Network devices that the vendor patched 11 days ago has been exploited by miscreants – for at least the past seven months. Barracuda said it discovered the bug, tracked as CVE-2023-2868, in its Email Security Gateway (ESG) appliance on May 19 and pushed a patch to all of these products globally the following day. In a security alert posted on Tuesday, however, the vendor disclosed that the vulnerability was under active exploi...

Chinese spies blamed for data-harvesting raids on Barracuda email gateways
The Register

Snoops 'aggressively targeted' specific govt, academic accounts

Chinese spies are behind the data-stealing malware injected into Barracuda's Email Security Gateway (ESG) devices globally as far back as October 2022, according to Mandiant. Barracuda discovered a critical bug, tracked as CVE-2023-2868, in these appliances on May 19, we're told, and pushed a patch to all affected products the following day. At the time, it said miscreants had been abusing the flaw to run remote commands on targeted equipment, hijack them, and deploy data-stealing spyware ...

FBI: Who was going around hijacking Barracuda email boxes? China, probably
The Register

Joins in the chorus of advice to bin the gear instead of trying for a fix

The FBI has warned owners of Barracuda Email Security Gateway (ESG) appliances that the devices are likely undergoing attack by snoops linked to China, and that removing the machines from service remains the safest course of action. The attackers are exploiting CVE-2023-2868, a critical remote command injection vulnerability that was discovered in May 2023 and was exploited as far back as October 2022. After Barracuda spotted the bug on May 19, it pushed a patch the next day. In June, the supplier recommend...

Google reveals zero-day exploits in enterprise tech surged 64% last year
The Register

Crooks know where the big bucks are

Zero-day exploits targeting enterprise-specific software and appliances are now outpacing zero-day bugs overall, according to Google's threat hunting teams. In a report published today, Google's Threat Analysis Group (TAG) and Mandiant said they tracked 97 total zero-day vulnerabilities found and exploited by miscreants in 2023, which is considerably more than the year prior, with 62 vulnerabilities. Enterprise-specific technology zero-days, however, increased by 64 percent in 2023 compared to 2...