
Is It Time to Reassess Our Approach to ESG Appliances? Examining Barracuda’s Urgent Call to Replace.

Barracuda issues an urgent warning to replace ESG appliances

Barracuda, a cybersecurity company, has issued an urgent warning for all its Email Security Gateway (ESG) appliances to be taken offline and replaced immediately. According to a recent advisory, appliances affected by the ESG remote command injection vulnerability, which has been under active attack since October 2022 and was patched in May, need complete replacement rather than further patching efforts.

The Threat

The remote command injection vulnerability in Barracuda's ESG appliances is tracked as CVE-2023-2868. The vulnerability allowed attackers to remotely execute arbitrary commands with administrative credentials, enabling them to take over the entire system. Barracuda issued a patch to fix the vulnerability on May 20, and it was hoped that the update would address the problem. However, by June 6, Barracuda stated in an update that the patch and the subsequent scripts pushed out to counter unauthorized access were insufficient to secure impacted ESG devices, making a full replacement necessary.

Persistent Backdoor Access

Barracuda's assessment found that some infected ESG devices maintained persistent backdoor access, and some exhibited evidence of data exfiltration, even after patching. Mike Parkin, Senior Technical Engineer with Vulcan Cyber, suspects that the threat actors found a way to make changes deep in the device firmware, allowing them to persist even after the patch was applied.

Response from Barracuda and Others

Barracuda issued an update stating that “Impacted ESG appliances must be immediately replaced, regardless of patch version level.” Customers were advised to take Barracuda's recommendation seriously and to replace their ESG appliances. Mike Parkin of Vulcan Cyber also advised customers to follow the vendor's security advisory without arguing, as doing so could help eradicate potential compromises in customer environments.

Editorial Commentary

The recent discovery of a remote command injection vulnerability in Barracuda's ESG appliances highlights the need for software vendors to continually assess and reassess the security of their products. The fact that the patch was quickly bypassed, making it ineffective, indicates that organizations should consider vigilant and continuous security assessments. The use of zero-trust security measures can also help in identifying potential vulnerabilities and swiftly addressing them before they are exploited.

Advice to Customers

Customers that have been impacted should take immediate steps to replace their ESG appliances with the updated version. They should also conduct a thorough security risk assessment of their information technology infrastructure to identify any further vulnerabilities that could be exploited. In conclusion, organizations must continuously assess, maintain and improve the security posture of their systems in this high-risk security threat environment.
