Read Time:32 Second
Barracuda has patched a zero-day vulnerability that had been exploited since October to backdoor customers’ Email Security Gateway (ESG) appliances with custom malware and steal data, the company said on Tuesday.
“On May 19, 2023, Barracuda Networks identified a remote command injection vulnerability (CVE-2023-2868) present in the Barracuda Email Security Gateway (appliance form factor only) versions 5.1.3.001-9.2.0.006,” the company said, adding that the vulnerability stemmed from incomplete input validation of user-supplied .tar files as it pertains to the names of the files contained within the archive.