Barracuda Networks attempted to fix the critical ESG zero-day vulnerability, but a Chinese nation-state threat actor was able to maintain access on compromised devices.
Mandiant issued a report Thursday that answered some lingering questions surrounding a Barracuda Networks zero-day vulnerability that was exploited in the wild.
Barracuda disclosed a flaw on May 23 in its Email Security Gateway (ESG) product via a five-paragraph advisory on its website. The vendor said it initially discovered the vulnerability on May 19 before releasing patches on May 20 and 21. Tracked as CVE-2023-2868, the vulnerability is a remote command injection flaw that, by the time it was discovered, had already been under active exploitation since at least October 2022.
Then, in early June, Barracuda said the patches already released for the flaw were insufficient and that customers would need to fully replace their physical ESG appliances. "Compromised ESG appliances must be immediately replaced regardless of patch version level," the action notice read. "If you have not replaced your appliance after receiving notice in your UI, contact support now."
Barracuda told TechTarget Editorial in a statement at the time that it would replace ESG products at no cost to the customer.
Mandiant published additional research Thursday that further detailed the severity of the vulnerability and attributed the exploitation activity to a Chinese nation-state threat actor. The Google Cloud-owned security firm also detailed how the threat actor, dubbed UNC4841, maintained persistent access to compromised devices despite Barracuda's patching and remediation efforts.
On this episode of the Risk & Repeat podcast, TechTarget editors Rob Wright and Alex Culafi discuss the ongoing situation surrounding CVE-2023-2868 and Barracuda's response to it.
Alexander Culafi is a writer, journalist and podcaster based in Boston.