Barracuda email security appliances hacked via zero-day vulnerability (CVE-2023-2868)

A vulnerability (CVE-2023-2868) in Barracuda Networks’ Email Security Gateway (ESG) appliances has been exploited by attackers, the company has warned. About CVE-2023-2868 CVE-2023-2868 is a critical remote command injection vulnerability affecting only physical Barracuda Email Security Gateway appliances, versions 5.1.3.001 – 9.2.0.006. “The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape archives). [It] stems from incomplete input validation of a user-supplied .tar file as it pertains to the … More →

The post …

0 day attackers barracuda barracuda networks command command injection critical cve cve-2023-2868 don't miss email email security esg exploited gateway hacked hot stuff injection networks physical security security gateway the company vulnerability zero-day zero-day vulnerability