zero-day CVE-2023-2868 Barracuda Email Security Gateway
1 min readA remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product affecting versions 5.1.3.001-9.2.0.006.
Email Security Gateway (ESG) appliances.
“The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape archives),” according to an advisory from the NIST’s national vulnerability database.
Barracuda Details:
https://status.barracuda.com/incidents/34kx82j5n4q9
CVE Details:
https://nvd.nist.gov/vuln/detail/CVE-2023-2868
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2868