Barracuda, a company that provides network and email security solutions, has informed customers that some of its Email Security Gateways (ESGs) have been compromised by a zero-day vulnerability that has been patched.
• A vulnerability has been discovered in Barracuda Email Security Gateway (ESG) on may 19, which may allow remote code injection (CVE-2023-2868).
• Barracuda Email Security Gateway manages and filters all inbound and outbound email traffic to protect organizations from email-borne threats and data leaks.
• It is possible that unauthenticated remote attackers could exploit this vulnerability to execute arbitrary code on the server using the context of the System user.
• A user whose account is configured to have fewer user rights on the system might be less affected than a user with administrative rights.