Barracuda Networks on Tuesday disclosed a zero-day vulnerability that has been used in attacks against its email security gateway appliance customers.
Barracuda disclosed the flaw in its email security gateway (ESG) product via a five-paragraph advisory on its website. According to the advisory, the network security vendor discovered the flaw on May 19 before releasing patches on May 20 and 21.
Barracuda did not detail the nature of the vulnerability, tracked as CVE-2023-2868, in the advisory beyond saying the flaw “existed in a module which initially screens the attachments of incoming emails” and that no other Barracuda product is subject to the flaw. On its webpage dedicated to the vulnerability, NIST described an input validation issue for user-supplied TAR files that can allow unauthorized users to gain remote access.