Barracuda ESG: CVE-2023-2868 Hardening Recommendations
On May 19, 2023, Barracuda Networks identified a remote command injection vulnerability (CVE-2023-2868) present in Barracuda Email Security Gateway (ESG) appliances (versions 5.1.3.001-9.2.0.006). The vulnerability stemmed from incomplete input validation of user-supplied .tar files. Consequently, a remote attacker could format the file names in a particular manner that resulted in a system command being executed remotely through Perl's qx operator, with the privileges of the Email Security Gateway product.
Barracuda's investigation to date has determined that a threat actor utilized the technique described above to gain unauthorized access to a subset of ESG appliances.
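The following is an added example, not Barracuda's code or part of the original advisory: a defensive check that lists the member names of a .tar attachment without extracting it and flags any name containing shell metacharacters, the class of input that becomes dangerous when a file name reaches a shell through an operator such as qx. The function names and the metacharacter set are assumptions, since the advisory does not state the exact file name format involved.

```python
import io
import re
import tarfile

# Assumption: the advisory does not list the characters involved, so this is a
# deliberately strict set: anything a POSIX shell treats specially, plus
# whitespace and control characters.
SHELL_META = re.compile(r"[`$;&|<>(){}\[\]*?!~#'\"\\\s\x00-\x1f\x7f]")


def risky_member_names(archive_bytes):
    """Return tar member names that contain shell metacharacters.

    Only headers are read; nothing is extracted or executed.
    Raises ValueError if the input is not a readable tar archive.
    """
    flagged = []
    try:
        with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
            for member in tar:
                if SHELL_META.search(member.name):
                    flagged.append(member.name)
    except tarfile.ReadError as exc:
        raise ValueError("not a readable tar archive") from exc
    return flagged


def build_sample_tar(names):
    """Build an in-memory tar of empty files (constructed test data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            info = tarfile.TarInfo(name=name)
            info.size = 0
            tar.addfile(info, io.BytesIO(b""))
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample: two ordinary names and two that should be flagged.
    sample = build_sample_tar(
        ["invoice.pdf", "docs/readme.txt", "note`example`.txt", "a$(example).txt"]
    )
    for name in risky_member_names(sample):
        print("flagged member name:", repr(name))
```

A check like this is a screening aid only. On the processing side, the durable fix is to pass file names to external programs as separate argument-vector elements rather than interpolating them into a shell command string.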