Barracuda Email Security Zero-Day

In today’s SensCy Cyber Alert, your SensCy team urges Barracuda product users to install the new update immediately. The latest update remediates One new zero-day vulnerability in the Email Security Gateway (ESG) appliances. Barracuda released two patches on May 19 and 21.

CVE-2023-2868 is a remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product affecting versions 5.1.3.001-9.2.0.006.

According to Barracuda Security, “ the vulnerability “resulted in unauthorized access to a subset of email gateway appliances.” Other products, such as the software-as-a-service (SaaS) email security, were not affected.

Barracuda also said that their investigation was limited to the ESG product, so it’s on customers to review their environments and determine if there are additional actions they want to take

What is a zero-day vulnerability?

In cybersecurity, a zero-day vulnerability refers to a vulnerability in a system or device that has been disclosed but not yet patched. The vulnerability was discovered before developers and security researchers were aware of it and could provide a patch/update.

How to check for new updates:

Here is a knowledge-based article from Barracuda to apply security patches.

SensCy recommends that all systems have automatic updates turned on.
If you need additional information, please contact your client advocate.