Barracuda Raises Alarm: ESG Devices Require Immediate Replacement

Barracuda, a renowned cybersecurity solutions provider, has issued an urgent warning for its Email Security Gateway (ESG) appliance users to take down their devices immediately and replace them with new ones after the discovery of a remote command injection vulnerability that has been under active exploitation reportedly since October 2022.

The ESG remote command injection vulnerability is tracked as CVE-2023-2868 and had initially been patched in May. In its previous disclosure on May 30, Barracuda announced that the vulnerability had already been exploited. However, reports indicate that by June 6, the patch was not enough to secure impacted ESG devices.

Following the discovery of the vulnerability, Barracuda issued a warning advising affected customers to immediately replace their ESG appliances regardless of patch level. The company recommended complete replacement because the persistent backdoor access and data exfiltration observed on certain impacted ESG appliances showed that the threat actors had likely found a way to make deep changes to the device firmware.

Mike Parkin, a senior technical engineer with Vulcan Cyber, suspects that the attackers had probably made significant changes deep in the device firmware, thus making it imperative for the impacted ESG appliances to be replaced entirely. In his statement, Parkin advised customers to take Barracuda’s warning seriously and immediately replace any impacted ESG appliances.

Barracuda is a significant player in the cybersecurity world, providing solutions in cloud-enabled, enterprise-grade security for various businesses and organizations worldwide. Still, the immediate replacement advisory following the discovery of the ESG vulnerability indicates that the threat was severe.

In conclusion, the discovery of the ESG remote command injection vulnerability under CVE-2023-2868 and the continuous exploitation of the vulnerability by malicious actors only underscores the importance of stringent cybersecurity measures. Barracuda’s urgent warning and recommended replacement of the impacted ESG appliances prove that even top-rated cybersecurity solutions need to be taken seriously, and regular updates and patches must not be overlooked. A prompt response and replacement of any vulnerable device could save many organizations from significant cyber-attacks and data breaches.
