The FBI reported that the patches Barracuda published in response to the CVE-2023-2868 Barracuda ESG vulnerability were ineffective for anyone who had already been compromised. The agency says it has “independently verified” this conclusion, one that Barracuda and Mandiant had already reached.
As we detailed in a previous post, a group with ties to China is said to have been using the zero-day vulnerability in targeted attacks for months before the patch was released.
According to an article from Malwarebytes, Barracuda announced on May 23, 2023, that a security fix closing the vulnerability had been installed on all ESG appliances globally on Saturday, May 20, 2023. That patch was followed by another on May 21, and users of vulnerable appliances reportedly received notifications about what to do via the ESG user interface.
Barracuda issued an action notice on June 6, 2023, informing customers that impacted ESG appliances needed to be replaced right away and that patching alone would not be sufficient for an infected device.
The company revealed on July 28 that compromised appliances that had been patched still contained the SUBMARINE malware.
The FBI has now independently confirmed the same findings.
In a blog post published today, Mandiant stated that since Barracuda delivered its updates, neither Mandiant nor Barracuda had seen any indication that CVE-2023-2868 had been successfully exploited against any additional physical or virtual ESG appliances.
The Barracuda Email Security Gateway (appliance form factor only) contains an exploitable remote command injection vulnerability. The flaw is caused by insufficient input validation of the file names present in .tar file attachments. As a result, a remote attacker can deliberately craft these file names so that, through Perl’s qx operator, they are executed as a system command with the privileges of the Email Security Gateway product.
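An added defensive example, not code from Barracuda, Mandiant or the FBI: a Python triage check that opens a .tar attachment and flags member names containing shell metacharacters, the property the injection described above depends on. The metacharacter set and the sample archive are constructed here for illustration.

```python
import io
import re
import tarfile

# Characters that a shell would interpret if a member name were interpolated
# into a command string (the path Perl's qx operator takes). Space is left out
# to avoid flagging ordinary attachment names; tune the set to your own policy.
SHELL_META = re.compile(r"[`$;|&<>(){}\n'\"\\]")


def suspicious_members(tar_bytes: bytes) -> list[str]:
    """Return the member names in a .tar payload that contain shell metacharacters.

    Intended as a mail-gateway or incident-response triage check: a legitimate
    attachment almost never has backticks, '$(' or ';' in a file name.
    """
    flagged = []
    try:
        with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tf:
            for member in tf.getmembers():
                if SHELL_META.search(member.name):
                    flagged.append(member.name)
    except tarfile.TarError:
        # A malformed archive deserves a look of its own; report it distinctly.
        flagged.append("<unreadable archive>")
    return flagged


def build_sample_tar(names: list[str]) -> bytes:
    """Construct a small in-memory .tar with the given member names (test data only)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name in names:
            data = b"placeholder"
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample: one benign name and two names carrying shell syntax.
    sample = build_sample_tar(["invoice.pdf", "report;id.txt", "`whoami`.doc"])
    print(suspicious_members(sample))  # ['report;id.txt', '`whoami`.doc']
```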
The FBI says the attackers used this flaw to upload malicious payloads with a range of capabilities onto the ESG appliance, enabling persistent access, email scanning, credential harvesting, and data exfiltration.
The Cybersecurity and Infrastructure Security Agency (CISA) has released four malware analysis reports on malware variants linked to the exploitation of this Barracuda ESG appliance vulnerability, Tech Monitor reports.