Sequretek Advisory - Barracuda Email Security Gateway Appliance (ESG) Vulnerability

Barracuda, a company that provides network and email security solutions, has informed customers that some of its Email Security Gateways (ESGs) have been compromised through a zero-day vulnerability, which has since been patched.

• A vulnerability (CVE-2023-2868) that may allow remote code injection was discovered in Barracuda Email Security Gateway (ESG) on May 19.

• Barracuda Email Security Gateway manages and filters all inbound and outbound email traffic to protect organizations from email-borne threats and data leaks.

• Unauthenticated remote attackers could exploit this vulnerability to execute arbitrary code on the server in the context of the System user.

• A user whose account is configured to have fewer user rights on the system might be less affected than a user with administrative rights.
