SECURITY ALERTS

A Vulnerability (CVE-2023-2868) Exists in Barracuda Email Security Gateway Allowing for Arbitrary Code Execution

DESCRIPTION:
A remote command injection vulnerability (CVE-2023-2868) exists in the Barracuda Email Security Gateway product. The vulnerability arises from a failure to comprehensively sanitize input when processing .tar files (tape archives). A remote attacker can format the names of the files in such an archive in a particular manner that results in a system command being executed remotely through Perl's qx operator with the privileges of the Email Security Gateway product.
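As an added example (not Barracuda's code and not the contents of the patch), the following screening check reads the member names of a .tar attachment without extracting it and flags names that contain shell metacharacters, which is the class of input described above. The metacharacter set, the function names and the sample archive are assumptions made for illustration.

```python
import io
import re
import tarfile

# Characters a POSIX shell treats specially; a member name containing any of
# them is unsafe to interpolate into a command string (e.g. Perl qx or system).
# This set is an assumption for the example, not a list taken from the advisory.
SHELL_META = re.compile(r"[`$;|&<>(){}\\'\"\n\r*?!\[\]~#]")


def suspicious_members(tar_bytes: bytes) -> list[tuple[str, list[str]]]:
    """Return (name, sorted metacharacters found) for each flagged member.

    Only archive headers are read; nothing is extracted or executed.
    """
    findings = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for member in tar:
            hits = sorted(set(SHELL_META.findall(member.name)))
            if hits:
                findings.append((member.name, hits))
    return findings


def build_sample_tar(names: list[str]) -> bytes:
    """Build a constructed in-memory archive of empty files (sample input)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            info = tarfile.TarInfo(name=name)
            info.size = 0
            tar.addfile(info, io.BytesIO(b""))
    return buf.getvalue()


# Constructed sample names: two ordinary, two carrying shell metacharacters.
SAMPLE = build_sample_tar([
    "invoice.pdf",
    "docs/readme.txt",
    "report`x`.txt",
    "a;b.txt",
])

if __name__ == "__main__":
    for name, chars in suspicious_members(SAMPLE):
        print(f"flagged {name!r}: {chars}")
```

A check like this is a screening aid for mail or file pipelines; on the processing side, the robust approach is to avoid passing archive member names through a shell at all.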

 

AFFECTED RELEASES:
Barracuda Email Security Gateway (appliance form factor only) product versions 5.1.3.001-9.2.0.006

 

SOLUTION:
1. This issue was fixed as part of the BNSF-36456 patch. This patch was automatically applied to all customer appliances.

 

REFERENCE:
1. https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally
2. https://www.barracuda.com/company/legal/esg-vulnerability
3. https://nvd.nist.gov/vuln/detail/CVE-2023-2868
 
