Barracuda, an enterprise security vendor, is recommending that customers replace their Email Security Gateway (ESG) appliances outright, regardless of the patch level they are running.
The recommendation follows the observed exploitation of a zero-day vulnerability that has since been patched. The flaw, tracked as CVE-2023-2868, was exploited as early as October 2022 and was patched remotely on May 20, 2023. A day later, Barracuda deployed a dedicated script to the affected appliances that reportedly cut off the attacker's access.
According to Barracuda's first advisory, published on June 1st, the vulnerability lies in a module that inspects incoming email attachments. The advisory was updated on June 6th to recommend full replacement of compromised ESG appliances.
The company determined that the flaw was exploited to gain unauthorized access to a subset of ESG appliances. Malware was subsequently found on some of these appliances, giving the attacker persistent backdoor access, and evidence of data exfiltration was found on some of the affected devices.
Rapid7's incident response team is also investigating exploitation of the ESG bug and published its findings in a blog post on Thursday.
The Rapid7 advisory stated, "The shift from patching to outright replacement of affected devices is rather surprising, as the malware deployed by the attackers somehow achieved persistence at sufficiently low levels of the devices that wiping cannot eradicate an attacker's access."
According to John Bambenek, Chief Threat Hunter at Netenrich, customers running virtual appliances will have the easier path: in that case the remedy is simply to provision and configure a new virtual appliance and delete the old one.
"People with hardware appliances will have a tough road ahead as they will have to get new devices to replace them," Bambenek added.
Barracuda's update for CVE-2023-2868 comes months after Quarkslab disclosed two vulnerabilities in the TPM 2.0 reference library that could affect billions of Internet of Things (IoT) devices.