Barracuda warns all of its ESG appliances need urgent rip & replace

Despite pushing out patches addressing vulnerabilities in its Email Security Gateway (ESG) appliances in May, today Barracuda issued an urgent warning that all affected devices need to be taken offline and replaced immediately.

The ESG remote command injection vulnerability, tracked under CVE-2023-2868, was already under active exploit since October 2022, Barracuda said in its initial May 30 disclosure. A patch was released on May 20, but by June 6 it was determined the patch and subsequent script pushed out to counter unauthorized access weren’t enough to secure impacted ESG devices, according to the advisory.

“Impacted ESG appliances must be immediately replaced regardless of patch version level,” Barracuda warned its customers in an update. “Barracuda’s remediation recommendation at this time is full replacement of the impacted ESG.”

Barracuda determined some infected devices maintained persistent backdoor access, with some presenting evidence of data exfiltration, even after patching.

To read the complete article, visit Dark Reading.