Barracuda email security appliances hacked via zero-day vulnerability (CVE-2023-2868)

A vulnerability (CVE-2023-2868) in Barracuda Networks’ Email Security Gateway (ESG) appliances has been exploited by attackers, the company has warned. About CVE-2023-2868 CVE-2023-2868 is a critical remote command injection vulnerability affecting only physical Barracuda Email Security Gateway appliances, versions 5.1.3.001 – 9.2.0.006. “The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape archives). [It] stems from incomplete input validation of a user-supplied .tar file as it pertains to the … More

The post Barracuda email security appliances hacked via zero-day vulnerability (CVE-2023-2868) appeared first on Help Net Security.

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to our Newsletter