Actively exploited vulnerability

CVE-2023-2868: Barracuda Networks ESG Appliance Improper Input Validation Vulnerability

Barracuda Email Security Gateway (ESG) appliance contains an improper input validation vulnerability of a user-supplied .tar file, leading to remote command injection.

CISA KEV source 26 May 2023 added 16 Jun 2023 remediation due

Affected product

Barracuda Networks · Email Security Gateway (ESG) Appliance

Known ransomware use: Unknown

Required action

Follow the source advisory and validate exposure in your environment.

Apply updates per vendor instructions.

Related Yasna coverage

Recent reporting that mentions CVE-2023-2868.