"Barracuda Urges Immediate Replacement of Hacked ESG Appliances"

The enterprise security company Barracuda urges customers affected by a recently disclosed zero-day vulnerability in its Email Security Gateway (ESG) appliances to replace them immediately. Regardless of patch version level, impacted ESG appliances must be replaced, the company emphasized in an update. Barracuda disclosed a critical flaw in the devices, tracked as CVE-2023-2868 with a CVSS score of 9.8. It has been exploited as a zero-day for at least seven months since October 2022 to deliver custom malware and steal data. The vulnerability is a case of remote code injection that affects versions 5.1.3.001 through 9.2.0.006 and is caused by incomplete validation of attachments within incoming emails. Barracuda addressed it on May 20 and May 21, 2023. This article continues to discuss Barracuda urging customers impacted by a recently disclosed zero-day flaw in its ESG appliances to replace them immediately.

THN reports "Barracuda Urges Immediate Replacement of Hacked ESG Appliances"