Barracuda Security Gateway appliance vulnerability - 20230529001

Overview

A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006.

What is the vulnerability?

The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape archives). The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive.

CVE-2023-2868 - CVSS v3 Base Score: 9.4

What is vulnerable?

On May 19, 2023. A security patch to eliminate the vulnerability was applied to all ESG appliances worldwide on Saturday, May 20, 2023.

The vulnerability existed in a module which initially screens the attachments of incoming emails. No other Barracuda products, including our SaaS email security services, were subject to this vulnerability

The vulnerability affects the following products:

• Email Security Gateway - 5.1.3.001-9.2.0.006.

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices: Barracuda Email Security Gateway Appliance (ESG) Vulnerability

Additional References

• Barracuda Email Security Gateway Appliance (ESG) Vulnerability
• Barracuda Status