• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

My TechDecisions

  • Best of Tech Decisions
  • Topics
    • Video
    • Audio
    • Mobility
    • Unified Communications
    • IT Infrastructure
    • Network Security
    • Physical Security
    • Facility
    • Compliance
  • RFP Resources
  • Resources
  • Podcasts
  • Project of the Week
  • About Us
    SEARCH
Network Security, News

Barracuda: Replace Compromised ESG Appliances Immediately

Barracuda Networks is urging organizations with Email Security Gateway appliances impacted by a remote command injection bug to replace them.

June 12, 2023 Zachary Comeau Leave a Comment

Barracuda ESG
stock.adobe.com/Tada Images

[Editor’s Note: This article has been updated to reflect Barracuda Networks’ official statement.]

Barracuda Networks is urging organizations with Email Security Gateway appliances impacted by a remote command injection bug in the devices to replace them, even if they were patched.

The company’s recommendation comes after Barracuda was first alerted to anomalous traffic coming from Email Security Gateway (ESG) appliances on May 18, which prompted the company to begin an investigation with the help of cybersecurity firm Mandiant.

This week, Barracuda updated its notice, urging customers with impacted ESG appliances to replace them regardless of their patch version level.

“Barracuda’s remediation recommendation at this time is full replacement of the impacted ESG,” the company says in its advisory.

According to the advisory, Barracuda identified a remote command injection vulnerability in their ESG appliance one day after discovering the “anomalous traffic” and engaging Mandiant. A patch was released a day after that on May 20, but the patch is apparently not enough to prevent compromise of the affected devices.

The company is also releasing a “series of security patches” to all appliances.

Exploitation for 10 months

Alarmingly, Barracuda and other cybersecurity firms say exploitation of these ESG appliances has been discovered to date back to fall 2022, specifically October 2022.

According to Barracuda, the vulnerability existed in a module which initially screens attachments of incoming emails. The bug has been leveraged to obtain unauthorized access to a subset of ESG appliances, and malware was identified on a subset of appliances to give attackers a backdoor.

Evidence of data exfiltration was also identified, the company says.

The company notified users with impacted appliances to take action, but “additional customers may be identified in the course of the investigation,” the firm says.

About the vulnerability and malware

According to Barracuda, the vulnerability, CVE-2023-2868, stems from “incomplete input validation of user supplied .tar files as it pertains to the names of files contained within the archive.”

This allows a remote attacker to format file names in a particular manner that would result in “remotely executing a system command through Perl’s qx operator with the privileges of the Email Security Gateway product,” the company says.

Barracuda also identified three malware strains that make the backdoor possible.

Recommendations

Barracuda is recommending that organizations with ESG appliances ensure that the devices are receiving and applying updates and security patches, but the company is of course also recommending that organizations discontinue the use of compromised ESG appliances and contact the company’s support to obtain a new ESG virtual or hardware appliances.

In addition, organizations should rotate any applicable credentials connected to the ESG appliance, including:

  • Any connected LDAP/AD
  • Barracuda Cloud Control
  • FTP Server
  • SMB
  • Any private TLS certificates

Organizations should also review their network logs for any of the indicators of compromise listed in Barracuda’s advisory. They should contact [email protected] if any are identified, the firm says.

Barracuda’s official statement

The company’s official statement reads as such:

The latest information related to the Barracuda’s Email Security Gateway (ESG) vulnerability and incident has been published on Barracuda’s Trust Center (https://www.barracuda.com/company/legal). The product CVE is published here: https://nvd.nist.gov/vuln/detail/CVE-2023-2868. 

An ESG product vulnerability allowed a threat actor to gain access to and install malware on a small subset of ESG appliances. On May 20, 2023, Barracuda deployed a patch to ESG appliances to remediate the vulnerability. 

Not all ESG appliances were compromised, and no other Barracuda product, including our SaaS email solutions, were impacted by this vulnerability.

As of June 8, 2023, approximately 5% of active ESG appliances worldwide have shown any evidence of known indicators of compromise due to the vulnerability. Despite deployment of additional patches based on known IOCs, we continue to see evidence of ongoing malware activity on a subset of the compromised appliances. Therefore, we would like customers to replace any compromised appliance with a new unaffected device.

We have notified customers impacted by this incident. If an ESG appliance is displaying a notification in the User Interface, the ESG appliance had indicators of compromise. If no notification is displayed, we have no reason to believe that the appliance has been compromised at this time. Again, only a subset of ESG appliances were impacted by this incident.  

Barracuda’s guidance remains consistent for customers. Out of an abundance of caution and in furtherance of our containment strategy, we recommend impacted customers replace their compromised appliance. If a customer received the User Interface notification or has been contacted by a Barracuda Technical Support Representative, the customer should contact [email protected] to replace the ESG appliance. Barracuda is providing the replacement product to impacted customer at no cost. 

If you have questions on the vulnerability or incident, please contact [email protected]. Please note that our investigation is ongoing, and we are only sharing verified information. 

Barracuda has engaged and continues to work closely with Mandiant, leading global cyber security experts, in this ongoing investigation. 

We will provide updates as we have more information to share.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!

Tagged With: Barracuda Networks, Cybersecurity, Vulnerability

Related Content:

  • Cloud, SASE, Aryaka How the Cloud is Redefining Media Production and…
  • Singlewire Software mass notification interview Singlewire Software on Mass Notification Solutions
  • URI catchbox 1 Catchbox Plus: The Mic Solution That Finally Gave…
  • Engaging virtual meeting with diverse participants discussing creative ideas in a bright office space during daylight hours Diversified Survey: Workplace AV Tech is Falling Short,…

Free downloadable guide you may like:

  • Download TechDecisions' Blueprint Series report on Security Awareness now!Blueprint Series: Why Your Security Awareness Program is Probably Falling Short

    Learn about the evolution of phishing attacks and best practices for security awareness programs to ensure your organization is properly prepared to defend against them in this report from TechDecisions' Blueprint Series.

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Latest Downloads

Practical Design Guide for Office Spaces
Practical Design Guide for Office Spaces

Recent Gartner research shows that workers prefer to return to the office for in-person meetings for relevant milestones, as well as for face-to-fa...

New Camera Can Transform Your Live Production Workflow
New Camera System Can Transform Your Live Production Workflow

Sony's HXC-FZ90 studio camera system combines flexibility and exceptional image quality with entry-level pricing.

Creating Great User Experience and Ultimate Flexibility with Clickshare

Working and collaborating in any office environment today should be meaningful, as workers today go to office for very specific reasons. When desig...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ

Footer

TechDecisions

  • Home
  • Welcome to TechDecisions
  • Contact Us
  • Comment Guidelines
  • RSS Feeds
  • Twitter
  • Facebook
  • Linkedin

Free Technology Guides

FREE Downloadable resources from TechDecisions provide timely insight into the issues that IT, A/V, and Security end-users, managers, and decision makers are facing in commercial, corporate, education, institutional, and other vertical markets

View all Guides
TD Project of the Week

Get your latest project featured on TechDecisions Project of the Week. Submit your work once and it will be eligible for all upcoming weeks.

Enter Today!
Emerald Logo
ABOUTCAREERSAUTHORIZED SERVICE PROVIDERSYour Privacy ChoicesTERMS OF USEPRIVACY POLICY

© 2025 Emerald X, LLC. All rights reserved.