all InfoSec news
CVE-2023-2868: Barracuda and FBI Recommend Replacing Email Security Gateway (ESG) Devices Immediately
Cyber Exposure Alerts www.tenable.com
Since October 2022, attackers have been exploiting a zero-day vulnerability in Barracuda Email Security Gateway devices, and both the vendor and the FBI urge customers to replace these devices immediately
Background
On May 19, Barracuda published an incident report that detailed an investigation into a zero-day vulnerability in its Email Security Gateway (ESG) appliances:
CVE | Description | CVSSv3 | Severity |
---|---|---|---|
CVE-2023-2868 | Barracuda ESG Appliance Remote Command Injection Vulnerability | 9.8 | Critical … |
attackers barracuda customers cve cve-2023-2868 devices email email security email security gateway esg exploiting fbi gateway may october security security gateway vendor vulnerability zero-day zero-day vulnerability