CISA Adds CVE-2023-2868 Vulnerability to KEV Catalog


On the relentless battlefield of cyber warfare, a new threat has emerged. The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning pertaining to a security vulnerability in Barracuda’s Email Security Gateway (ESG) appliances. The vulnerability, tracked as CVE-2023-2868 and carrying a worrisome CVSS score of 9.4, allows attackers to remotely execute system commands, paving the way for potential intrusions and data breaches.

The security flaw at hand is a remote code injection vulnerability that affects Barracuda ESG appliances. More specifically, this weakness is present in versions 5.1.3.001 through 9.2.0.006 of the product. The security hole stems from an inadequate sanitization process when handling .tar files (tape archives).

The root of the problem lies in insufficient input validation of the file names within these user-supplied .tar files. By formatting a file name in a particular manner, an attacker can exploit this vulnerability to remotely execute system commands, because the unsanitized name reaches Perl’s qx operator, which hands its argument to the system shell. The executed commands carry the same privileges as the Barracuda ESG product, potentially providing a direct conduit into the target system.
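The defensive lesson of the paragraph above is that archive member names are untrusted input and must be validated against a strict allowlist before they reach any shell-invoking call. The following Python script is an added example (not Barracuda’s code and not the BNSF-36456 patch): it builds a small constructed .tar archive in memory and reports every member whose name fails the allowlist, which is the kind of pre-processing check or log-side detection a defender would put in front of a tar-handling pipeline.

```python
import io
import re
import tarfile
from typing import List, Optional, Tuple

# Allowlist for one path component of an archive member name:
# letters, digits, dot, underscore and hyphen only. Everything else
# (shell metacharacters, quotes, whitespace, backticks, "$(") is rejected
# instead of being escaped, so nothing ambiguous reaches a shell.
SAFE_COMPONENT = re.compile(r"^[A-Za-z0-9._-]+$")


def check_name(name: str) -> Optional[str]:
    """Return None if the member name is acceptable, else a reason string."""
    if not name:
        return "empty name"
    if name.startswith("/"):
        return "absolute path"
    for part in name.split("/"):
        if part in ("", ".", ".."):
            return "path traversal component"
        if not SAFE_COMPONENT.match(part):
            bad = sorted({c for c in part if not SAFE_COMPONENT.match(c)})
            return f"disallowed characters {bad!r}"
    return None


def scan_archive(tar_bytes: bytes) -> List[Tuple[str, str]]:
    """List (member_name, reason) for every member whose name fails check_name."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for member in tar.getmembers():
            reason = check_name(member.name)
            if reason is not None:
                findings.append((member.name, reason))
    return findings


def build_sample_archive() -> bytes:
    """Constructed sample archive: two benign members, two that must be flagged."""
    names = ("report.txt", "notes/2023-05.txt", "report;2023.txt", "../escape.txt")
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            data = b"sample"
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in scan_archive(build_sample_archive()):
        print(f"REJECT {name!r}: {reason}")
```

Running the script prints the two flagged members; in a real pipeline the archive would be quarantined and the event logged rather than processed further.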

In response to this critical vulnerability, Barracuda has taken swift action by releasing the BNSF-36456 patch. This patch, automatically applied to all customer appliances, aims to nullify the existing threat.

Despite the prompt response, the company confirmed that the vulnerability had resulted in unauthorized access to a subset of email gateway appliances. While the exact scale of the attack remains undisclosed, Barracuda has proactively reached out to affected customers and provided them with remedial action steps.

Following the announcement of the security flaw, U.S. Federal Civilian Executive Branch Agencies (FCEB) have been given a hard deadline of June 16 to bolster their Barracuda Email Security Gateway Appliances against attacks exploiting CVE-2023-2868. This timeline underscores the seriousness of the issue, as CISA has included the vulnerability in its catalog of Known Exploited Vulnerabilities.

This incident underscores the critical importance of robust, multi-layered security measures for cyberinfrastructure. In today’s interconnected world, even seemingly innocuous elements, like the name of a file within a .tar archive, can be weaponized to compromise entire systems.

While Barracuda has acted responsibly by rapidly patching the vulnerability and informing affected customers, this event serves as a stark reminder of the continuous evolution of cyber threats. Businesses and government agencies alike must remain vigilant, constantly updating and adapting their cybersecurity measures to stay one step ahead in the ongoing battle of digital defense.