Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
High
An email protection and network security services provider has issued a warning regarding a zero-day vulnerability that has been exploited to compromise their Email Security Gateway (ESG) appliances. According to Barracuda, their security solutions are utilized by over 200,000 organizations worldwide. This customer base includes a range of companies, including high-profile organizations such as Samsung, Mitsubishi, Kraft Heinz, and Delta Airlines.
The zero-day vulnerability tracked as CVE-2023-2868 is classified as a remote code injection vulnerability. It affects Barracuda Email Security Gateway appliances running versions 5.1.3.001 through 9.2.0.006. Remote code injection vulnerabilities allow attackers to execute arbitrary code on a targeted system.
Barracuda Email Security Gateway (ESG) appliances is rooted in a component responsible for screening the attachments of incoming emails.
According to the advisory from the National Institute of Standards and Technology’s (NIST) National Vulnerability Database, the vulnerability is attributed to a failure to adequately sanitize the processing of .tar files (tape archives). This suggests that the issue lies in the handling or processing of .tar file attachments within the component responsible for screening incoming emails. Sanitization refers to the process of removing or neutralizing potentially malicious or harmful elements from data or files. In this case, the failure to properly sanitize .tar files could allow attackers to exploit the vulnerability and potentially execute malicious code or carry out unauthorized actions.
‘The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl’s qx operator with the privileges of the Email Security Gateway product’
Barracuda identified the vulnerability in the component responsible for screening email attachments on May 19, 2023. In response, the company promptly deployed a patch to address the issue across all Barracuda Email Security Gateway (ESG) devices worldwide on May 20. Additionally, as part of their containment strategy, a second fix was released on May 21.
“Based on our investigation to date, we’ve identified that the vulnerability resulted in unauthorized access to a subset of email gateway appliances,” they said.
According to Barracuda, their investigation into the compromised appliances was limited to the Email Security Gateway (ESG) product. Barracuda advised affected customers to conduct a thorough review of their environments to ensure that the attackers did not gain access to other devices on their network.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the remote code injection vulnerability affecting ESG appliances to its Known Exploited Vulnerabilities (KEV) catalog. CISA has specifically urged federal agencies to apply the necessary fixes for the vulnerability by June 16, 2023. This highlights the urgency of mitigating the risk associated with the vulnerability within the given timeframe.
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA said.
It is crucial for organizations using Barracuda Email Security Gateway appliances to address this vulnerability promptly. They should follow the guidance provided by Barracuda, including applying any available patches or updates that address the issue. Additionally, organizations should monitor official communications and advisories from Barracuda and consider implementing additional security measures to mitigate the risk associated with the vulnerability until it is fully resolved.