Displaying items by tag: cve20232868

After the disclosure of a serious Zero-Day that allowed an unauthenticated user to basically own the device. Barracuda is now saying that remediation action for any device that was compromised is a full replacement regardless of the firmware version. It seems that once an attacker gets their malware into the device, it is done. There is not a clean way to remove it and simply patching it does not disable the control that the attacker has on the device. It also seems that at factory resent does not clear it out.

Published in News

On May 19th 2023 Barracuda disclosed that there was a critical vulnerability in their Email Security Gateway appliances. This vulnerability is tracked under CVE-2023-2868 and is listed as a remote command injection vulnerability. The flaw is present in software versions 5.1.3.001 up to 9.2.0.006 for the ESG appliances only. As this was disclosed as a Zero-Day vulnerability there was an accelerated patch release schedules with the first patches made available on May 20th.

Published in News