
Email protection and network security service provider Barracuda is warning users of a zero-day flaw that has been exploited to compromise its Email Security Gateway (ESG) appliances.
The zero-day is tracked as CVE-2023-2868 and is described as a remote code injection vulnerability affecting versions 5.1.3.001 through 9.2.0.006.
The California-based company said the problem was caused by a component that inspects incoming email attachments.
According to an advisory from NIST’s National Vulnerability Database, “This vulnerability is caused by a failure to comprehensively sanitize the handling of .tar files (tape archives).”
“The vulnerability is due to incomplete input validation of user-supplied .tar files as it relates to the filenames contained within the archive. As a result, a remote attacker could specially format these filenames in a certain way, resulting in remote execution of system commands via Perl’s qx operator with the Email Security Gateway product’s privileges.”
Barracuda said the flaw was identified on May 19, 2023, and that it rolled out a patch to all ESG devices worldwide the next day. A second fix was released on May 21 as part of a “containment strategy.”
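As an added illustration (not Barracuda's code or its patch), the following Python sketch shows the kind of check the advisory says was incomplete: it reads only the headers of a .tar archive and flags member filenames containing characters a shell would interpret if the name were interpolated into a command line, as Perl's qx operator does. The metacharacter set, function names and sample archive are assumptions constructed for this example.

```python
import io
import re
import tarfile

# Assumption: characters a POSIX shell treats specially when a string is
# interpolated unquoted into a command line (which is what Perl's qx does).
SHELL_META = re.compile(r"[`$;&|<>(){}\[\]*?!~'\"\\\n\r\t ]")


def suspicious_members(tar_bytes: bytes) -> list[str]:
    """Return member names that are unsafe to interpolate into a shell command."""
    flagged = []
    # Only the archive headers are read; nothing is extracted to disk.
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as archive:
        for member in archive:
            if SHELL_META.search(member.name):
                flagged.append(member.name)
    return flagged


def build_sample(names: list[str]) -> bytes:
    """Build a constructed in-memory tar holding empty files with the given names."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as archive:
        for name in names:
            info = tarfile.TarInfo(name=name)
            info.size = 0
            archive.addfile(info, io.BytesIO(b""))
    return buf.getvalue()


# Constructed sample: two ordinary names and two that carry shell syntax.
SAMPLE = build_sample([
    "invoice.pdf",
    "docs/readme.txt",
    "report`date`.txt",
    "$(hostname).csv",
])

if __name__ == "__main__":
    for name in suspicious_members(SAMPLE):
        print("flagged:", repr(name))
```

A filter like this is a detection aid for mail or file pipelines; the underlying fix for this bug class is to never pass archive-supplied names through a shell at all, for example by invoking external tools with an argument list instead of an interpolated command string.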
Additionally, the company’s investigation uncovered evidence of active exploitation of CVE-2023-2868 to gain unauthorized access to “a subset of email gateway appliances.”
The company, which has more than 200,000 customers worldwide, did not disclose the scale of the attack. Affected users were contacted directly with a list of corrective actions to take, it said.
Barracuda also urged customers to review their environment, adding that it is still actively monitoring the situation.
The identity of the attacker behind the attack is currently unknown, but in recent months we have observed Chinese and Russian hacker groups deploying bespoke malware to vulnerable Cisco, Fortinet and SonicWall devices.
The development comes after Defiant warned that a cross-site scripting (XSS) flaw in a plugin called Beautiful Cookie Consent Banner (CVSS score: 7.2) installed on over 40,000 sites was being exploited at scale. It was done in response to
This vulnerability allows unauthenticated attackers to inject malicious JavaScript into websites, which can redirect visitors to unauthorized advertising sites as well as create unauthorized administrative users, which may result in your site being hijacked.
The WordPress security firm said it has blocked nearly 3 million attacks against more than 1.5 million sites from nearly 14,000 IP addresses since May 23, 2023, and attacks are still ongoing.