CVE 2023-2868: Barracuda Urges Customers to Replace Compromised Email Security Gateway (ESG) Appliances

Share :

On Tuesday, June 6, 2023, Barracuda announced that all ESG appliances compromised via CVE-2023-2868 must be immediately replaced, regardless of the current patch version.  

Barracuda ESG is an email security gateway that manages and filters inbound and outbound email traffic within an organization’s network. On May 18, 2023, Barracuda identified CVE-2023-2868 after being alerted to anomalous traffic originating from ESG appliances. The vulnerability exists in a module that initially screens the attachments of incoming emails, affecting ESG versions No other Barracuda products, including their SaaS email security services, are vulnerable to CVE-2023-2868. 

While no evidence of a published POC has been observed, Barracuda has noted that it has been under active exploitation since at least October 2022. Threat actors have leveraged the vulnerability to exfiltrate data and obtain persistent access on a subset of appliances. 

Recommendation for CVE 2023-2868

Recommendation #1: Follow Barracuda Remediation Guidance for Compromised Devices 

If your organization has been informed by Barracuda of exploitation activity, we strongly recommend following Barracuda’s current remediation guidance and fully replacing the impacted ESG to prevent future exploitation. Current guidance and additional information can be found here:  

Recommendation #2: Verify ESG Appliance has the Latest Security Patch Applied 

If you have not been notified by Barracuda, we strongly recommend verifying that the most recent security patch was deployed to your ESG appliances and monitor for any communications from Barracuda. Barracuda deployed a security patch to all ESG appliances worldwide on May 20, 2023, to remediate CVE-2023-2868. Additional security patches will likely be deployed in the near future based on Barracuda’s security advisory.  


Picture of Andres Ramos

Andres Ramos

Andres Ramos is a Threat Intelligence Researcher at Arctic Wolf with a strong background in tracking emerging threats and producing actionable intelligence for both technical and non-technical stakeholders. He has a diverse background encompassing various domains of cyber security, holds a degree in Cybersecurity Engineering, and is a CISSP.
Share :
Table of Contents
Subscribe to our Monthly Newsletter