Barracuda Networks has informed customers to immediately decommission and replace any Email Security Gateway (ESG) appliances that may be affected by a critical security vulnerability. The vulnerability, which has been assigned the CVE-2023-2868 identifier, allows attackers to remotely execute arbitrary system commands on affected devices.
Barracuda estimates that approximately 5% of active ESG appliances worldwide are affected by the vulnerability. The Cybersecurity and Infrastructure Security Agency (CISA) has also issued an advisory about the vulnerability and has urged organizations to take immediate action to mitigate the risk.
According to a report by Rapid7, malicious actors have been exploiting the CVE-2023-2868 vulnerability since November 2022. But Barracuda did not disclose the specific reason for its recommendation to replace affected ESG appliances instead of patching them.
The advisory also mentions several strains of malware, including Saltwater, SeaSpy, and Seaside, that were used to exploit the bug, granting hackers unauthorized access and the ability to carry out various actions on victim networks.
The sources for this piece include an article in TheRecord.