Barracuda now says you'll have to replace your ESG device right away

(Image credit: Shutterstock / Zeeker2526)

Barracuda has announced that its vulnerable Email Security Gateway (ESG) appliances should now be replaced immediately.

Despite releasing a patch for a high-severity zero-day vulnerability found roughly a week ago, the email and network security firm's new advice suggests that affected devices are in fact beyond help.

The company updated its initial security advisory earlier this week to: "Impacted ESG appliances must be immediately replaced regardless of patch version level... Barracuda's remediation recommendation at this time is full replacement of the impacted ESG."

Three malware families

The company also says that it has notified all affected customers already. Those who are yet to replace their gear should contact the company via support@barracuda.com as soon as possible.

Early last week, reports circulated of hackers exploiting a zero-day vulnerability in Barracuda’s ESGs over several months, targeting countless organizations with different malware. The zero-day is tracked as CVE-2023-2868, found in ESGs versions between 5.1.3.001 and 9.2.0.006.

> A critical Barracuda security backdoor has been exploited for months, so patch now

> That Dropbox link in your inbox could be a scam

> Check out the best endpoint protection solutions right now

According to the National Vulnerability Database, the flaw is a remote command injection vulnerability arising as the appliance fails to comprehensively sanitize the processing of .tar files (tape archives). In other words, formatting file names in a specific way allows the attackers to execute system commands.

Initially, Barracuda said it spotted three malware families being distributed via the zero-day: Saltwater, Seaside, and Seaspy. These three allow threat actors to download and upload files, run commands, establish persistence, and establish a reverse shell.

The patch was published on May 20. Advise to Affected businesses included rotating ESG appliance credentials where possible, including any connected LDAP/AD, Barracuda Cloud Control, FTP Server, SMB, and any private TLS certificates.

More than 200,000 organizations are using Barracuda’s products, the company claims. Some of its clients include Samsung, Delta Airlines, Mitsubishi, and others.

These are the best malware removal tools today

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.