Barracuda recently detected a zero-day vulnerability in its Email Security Gateway (ESG) appliance. Successful exploitation of the vulnerability could have provided threat actors with unauthorized access to a subset of email gateway appliances. According to Barracuda, “the vulnerability existed in a module which initially screens the attachments of incoming emails. No other Barracuda products, including our SaaS email security services, were subject to this vulnerability.”
Barracuda has notified impacted users through the ESG user interface and addressed the vulnerability with an automatic patch over the weekend. However, given Barracuda’s popularity, WaterISAC is amplifying this message for the awareness of members who may use the impacted appliances. Members are encouraged to confirm that the vulnerability has been addressed and to review their environments for potential signs of compromise. Read the full advisory at Barracuda or read a relevant news article here.