9 January 2024

Security I Trust

Helping you build Security and Trust

zero-day CVE-2023-2868 Barracuda Email Security Gateway

1 min read
CVE-2023-2868

A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product affecting versions 5.1.3.001-9.2.0.006.
Email Security Gateway (ESG) appliances.

“The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape archives),” according to an advisory from the NIST’s national vulnerability database.

Barracuda Details:

https://status.barracuda.com/incidents/34kx82j5n4q9

 

CVE Details:

https://nvd.nist.gov/vuln/detail/CVE-2023-2868

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2868