
Alert: Barracuda Security Updates – May 2023

Barracuda Networks, a provider of security, application delivery, and data protection solutions, has issued a warning to its customers regarding a zero-day vulnerability that has been actively exploited to compromise the company's Email Security Gateway (ESG) appliances.
 
The zero-day, tracked as CVE-2023-2868, was addressed with a patch (BNSF-36456) that has been automatically applied to all customer appliances.
 
Affected Systems
 
  • Barracuda Email Security Gateway appliances, versions 5.1.3.001 – 9.2.0.006.
 
Security Risks
 
The vulnerability is a remote command injection in the ESG's handling of .tar files (tape archives). The archive parser does not fully sanitize the names of the files contained in a user-supplied .tar, and those names are interpolated into a system command that is executed through Perl's qx operator. A remote attacker who crafts an archive with specially formatted member names can therefore run arbitrary system commands with the privileges of the Email Security Gateway product, which can lead to unauthorized access to the appliance or further malicious activity from it.
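The following added example, written for this alert and not taken from Barracuda's product or advisory, illustrates the bug class described above in Python rather than Perl: a tar member name is interpolated into a shell command string (the analogue of Perl's qx), and the same name passed as a separate argv element, plus a name validator that rejects archives before they reach any command. The archive contents, the member names and the function names (build_sample_tar, vulnerable_scan, argv_scan, is_safe_member_name, process_archive) are all constructed for the illustration; the injected payload is a harmless echo.

```python
"""Added illustration of the CVE-2023-2868 bug class (tar member name reaching
a shell through string interpolation). Constructed example, not vendor code."""
import io
import re
import subprocess
import tarfile
from typing import Dict, List, Optional

# Constructed member name carrying a shell injection payload (harmless echo).
INJECTED_NAME = "report.pdf; echo INJECTED"


def build_sample_tar() -> bytes:
    """Build an in-memory .tar with one benign member and one hostile name."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("invoice.txt", INJECTED_NAME):
            data = b"dummy content\n"
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def member_names(tar_bytes: bytes) -> List[str]:
    """Return the file names stored in the archive, exactly as the parser sees them."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        return [m.name for m in tar.getmembers()]


def vulnerable_scan(name: str) -> str:
    """Flawed pattern: the untrusted name is spliced into a shell command string,
    so ';', '$(...)' or backticks in the name become extra shell commands."""
    cmd = f"echo scanning {name}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def argv_scan(name: str) -> str:
    """No shell involved: the name is a single argv element, so metacharacters
    are just bytes in an argument and nothing extra is executed."""
    return subprocess.run(["echo", "scanning", name],
                          capture_output=True, text=True).stdout


# Allow-list for member names: conservative characters, relative paths only.
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]+(?:/[A-Za-z0-9._-]+)*")


def is_safe_member_name(name: str) -> bool:
    """Reject shell metacharacters, absolute paths and '..' traversal segments."""
    if not SAFE_NAME.fullmatch(name):
        return False
    return ".." not in name.split("/")


def process_archive(tar_bytes: bytes) -> Dict[str, Optional[str]]:
    """Hardened handler: validate every member name first, then use argv form.
    Returns the scan output per member, or None for rejected members."""
    results: Dict[str, Optional[str]] = {}
    for name in member_names(tar_bytes):
        results[name] = argv_scan(name) if is_safe_member_name(name) else None
    return results


if __name__ == "__main__":
    sample = build_sample_tar()
    print("members:", member_names(sample))
    print("vulnerable:", repr(vulnerable_scan(INJECTED_NAME)))
    print("argv form :", repr(argv_scan(INJECTED_NAME)))
    print("hardened  :", process_archive(sample))
```

Running the block shows the interpolated form emitting a second line, INJECTED, that the archive author controls, while the argv form prints the name verbatim and the hardened handler never runs a command for it at all. The same split applies to Perl: qx and backticks interpolate into a shell, whereas the list form of system() or exec() does not.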
 
Recommended Actions
 
The National Cyber Security Authority (NCSA) strongly recommends that system administrators:
 
  • Follow Barracuda's advisory (see References) to reduce the risk of exploitation and keep affected systems protected.
  • Verify patch application: ensure that the patch (BNSF-36456) has been successfully applied to every Barracuda Email Security Gateway appliance in your environment. Perform an audit, or check with the vendor, to confirm that the patch has been installed.
  • Keep in mind that this zero-day was exploited before the patch was released, so a successfully applied patch does not by itself show that an appliance was not already compromised; review appliance logs and any vendor notification for signs of prior exploitation.
  • Before any update task, ensure you have a recent backup that can easily be restored.
 
 For further information and support, please contact NCSA by email at rwcsirt@ncsa.gov.rw or call us on 9009.
 
References
https://www.barracuda.com/company/legal/esg-vulnerability
https://status.barracuda.com/
https://www.barracuda.com/company/legal
https://status.barracuda.com/incidents/34kx82j5n4q9
 

29 May 2023

© 2024 National Cyber Security Authority