Exploited in the wild: Barracuda Email Security Gateway Appliance (ESG) (CVE-2023-2868)

May 27, 2023

Barracuda discovered a vulnerability in their Email Security Gateway (ESG) appliance on May 19, 2023, affecting the attachment screening module. They quickly applied a patch on May 20, 2023, and a second patch on May 21, 2023, to contain the issue. Impacted customers were notified and provided with instructions. Barracuda continues to monitor and share updates through their product status page and direct outreach. Customers should review their environments for any additional actions. Barracuda apologizes for any inconvenience caused and can be contacted at [email protected] for questions.

Reference

Related Posts

CVE-2023-34362 – MOVEit SQL Injection

Zyxel CVE-2023-28771 – Command Injection

Advantech WebAccess/SCADA Advisory