Barracuda Warns of Zero-Day Exploited to Breach Email Security Gateway Appliances

From thehackernews.com

Email protection and network security services provider Barracuda is warning users about a zero-day flaw that it said has been exploited to breach the company’s Email Security Gateway (ESG) appliances.

The zero-day is being tracked as CVE-2023-2868 and has been described as a remote code injection vulnerability affecting versions 5.1.3.001 through 9.2.0.006.

The California-headquartered firm said the issue is rooted in a component that screens the attachments of incoming emails.

“The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape archives),” according to an advisory from NIST’s National Vulnerability Database.
