Critical Vulnerability Notification: Barracuda Email Security Gateway Appliance (CVE-2023-2868)


Update 15th of June, 2023

Barracuda recently discovered a product vulnerability impacting Barracuda’s Email Security Gateway (ESG) appliances and quickly deployed a patch to remediate the issue. This vulnerability was exploited by a threat actor to gain access to a subset of appliances. As of June 10, 2023, approximately 5% of active ESG appliances worldwide have shown evidence of known indicators of compromise. In furtherance of Barracuda’s containment strategy, on May 31,2023, Barracuda advised customers to replace compromised appliances with a new unaffected device. Barracuda is providing the replacement product to impacted customers at no cost. To read further details visit: https://www.barracuda.com/company/legal/esg-vulnerability

Barracuda is committed to providing transparency around the incident, as well as the information on actions taken to protect customers. Barracuda believes that transparency is in the best interest of its customers, partners, and the greater security community. Collaboration and transparency are important as the industry works together to defend against increasingly sophisticated and aggressive threat actors. 

Barracuda partnered closely with Mandiant and its government partners to investigate the exploit behaviour and malware. Mandiant identified the suspected China-nexus actor, currently tracked as UNC4841, and assesses with high confidence that the group is working in support of the People’s Republic of China. For more details, please read Mandiant’s blog at https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally.

Our commitment is to provide our customers with detailed information regarding critical vulnerabilities found in products from our vendors. As our solutions are designed and built around "cloud-first" principles. The Barracuda Email Security Gateway solution does not align with the Group K security technology stack that we design, implement and support for our customers.

The critical vulnerability did not affect Barracuda's SaaS solution (Email Protection). The foundational principles applied in designing and developing this solution are fundamentally distinct from those used in the Email Security Gateway Appliance. Therefor we highly advise all customers which are using the Email Security Gateway Appliance to migrate to the SaaS solution. Over the past years, our Security Team has successfully migrated numerous customers from ESG to the SaaS solution. Don't hesitate to contact our Sales team for more information.

Group K continues to foster a strong partnership with Barracuda and their development teams, prioritizing the utmost protection for our customers and their data in all future endeavors.

Frank Keunen, CEO of Group K


Most recent posts

BY e-mail

Subscribe to newsletter

Stay connected with us and keep up with the latest industry news, insights, and company updates by subscribing to our newsletter. Stay UP-TO-DATE!

Blog

In the spotlight

“Empowering businesses to thrive in the digital age”

Collaboration is at the heart of everything we do at Group K. We believe in forging strong partnerships with our clients, enabling us to understand their specific needs and deliver solutions that drive lasting results. Our team is committed to providing unparalleled customer support, ensuring that we are always available to answer questions, provide guidance, and offer expert advice.

How can we help?

Discover our dedicated support team to help you

Expert advice?

We provide tailored recommendations to help you optimize your IT infrastructure.