Barracuda Now Says You'll Have To Replace Your ESG Device Right Away

[ad_1]

Barracuda has announced that its vulnerable Email Security Gateway (ESG) appliances should now be replaced immediately.

Despite releasing a patch for a high-severity zero-day vulnerability found roughly a week ago, the email and network security firm’s new advice suggests that affected devices are in fact beyond help.

The company updated its initial security advisory earlier this week to: “Impacted ESG appliances must be immediately replaced regardless of patch version level… Barracuda’s remediation recommendation at this time is full replacement of the impacted ESG.”

Three malware families

The company also says that it has notified all affected customers already. Those who are yet to replace their gear should contact the company via support@barracuda.com as soon as possible.

Early last week, reports circulated of hackers exploiting a zero-day vulnerability in Barracuda’s ESGs over several months, targeting countless organizations with different malware. The zero-day is tracked as CVE-2023-2868, found in ESGs versions between 5.1.3.001 and 9.2.0.006.

According to the National Vulnerability Database, the flaw is a remote command injection vulnerability arising as the appliance fails to comprehensively sanitize the processing of .tar files (tape archives). In other words, formatting file names in a specific way allows the attackers to execute system commands.

Initially, Barracuda said it spotted three malware families being distributed via the zero-day: Saltwater, Seaside, and Seaspy. These three allow threat actors to download and upload files, run commands, establish persistence, and establish a reverse shell.

The patch was published on May 20. Advise to Affected businesses included rotating ESG appliance credentials where possible, including any connected LDAP/AD, Barracuda Cloud Control, FTP Server, SMB, and any private TLS certificates.

More than 200,000 organizations are using Barracuda’s products, the company claims. Some of its clients include Samsung, Delta Airlines, Mitsubishi, and others.

Via: BleepingComputer

[ad_2]
#Barracuda #youll #replace #ESG #device

Barracuda now says you’ll have to replace your ESG device right away

Like this:

Related

Leave a ReplyCancel reply

Product Highlight

Recent Posts

SSC all exams, links is here

Understanding Newton’s Law of Gravitation: Visual Insights into Mass Interactions

Do You Know Which Was Primary Offensive Weapon In Op Sindoor? DRDO Chief Reveals

Real Life Raksha Bandhan: Her Hand Once Held His Sister’s, Now A Mumbai Teen Ties Rakhi To A Brother She Never Knew

China`s Mega Dam Threatens To Devastate Bangladesh`s Water Security, Economy: Report

India Backs Surprise Trump-Putin Talks; Revives Modi’s ‘Not An Era Of War’ Call

Shillong Teer Result Today 09.08.2025: First And Second Round Saturday Lucky Draw Winning Lottery Numbers

Tamil Nadu: CBI Suspects False Complaint Behind Custodial Death Of Temple Guard In Sivaganga

Amarnath Yatra 2025 Concludes With Chhari Mubarak Ritual Amid Tight Security

Op Dharali: 816 Civilians Rescued, Air And Ground Operations Continue In Uttarkashi

`6 Pak Aircraft Were Downed During Operation Sindoor`: Air Force Chief Praises S-400 System

Welcome

Categorys

Site Links