Vulnerability Details : CVE-2023-2868
Public exploit exists!
A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape archives). The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl's qx operator with the privileges of the Email Security Gateway product. This issue was fixed as part of BNSF-36456 patch. This patch was automatically applied to all customer appliances.
Products affected by CVE-2023-2868
- Barracuda » Email Security Gateway 300 FirmwareVersions from including (>=) 5.1.3.001 and up to, including, (<=) 9.2.0.006cpe:2.3:o:barracuda:email_security_gateway_300_firmware:*:*:*:*:*:*:*:*
- Barracuda » Email Security Gateway 400 FirmwareVersions from including (>=) 5.1.3.001 and up to, including, (<=) 9.2.0.006cpe:2.3:o:barracuda:email_security_gateway_400_firmware:*:*:*:*:*:*:*:*
- Barracuda » Email Security Gateway 600 FirmwareVersions from including (>=) 5.1.3.001 and up to, including, (<=) 9.2.0.006cpe:2.3:o:barracuda:email_security_gateway_600_firmware:*:*:*:*:*:*:*:*
- Barracuda » Email Security Gateway 800 FirmwareVersions from including (>=) 5.1.3.001 and up to, including, (<=) 9.2.0.006cpe:2.3:o:barracuda:email_security_gateway_800_firmware:*:*:*:*:*:*:*:*
- Barracuda » Email Security Gateway 900 FirmwareVersions from including (>=) 5.1.3.001 and up to, including, (<=) 9.2.0.006cpe:2.3:o:barracuda:email_security_gateway_900_firmware:*:*:*:*:*:*:*:*
- Barracuda » Email Security GatewayVersions from including (>=) 5.1.3.001 and up to, including, (<=) 9.2.0.006cpe:2.3:o:barracuda:email_security_gateway:*:*:*:*:*:*:*:*
CVE-2023-2868 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Barracuda Networks ESG Appliance Improper Input Validation Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
Barracuda Email Security Gateway (ESG) appliance contains an improper input validation vulnerability of a user-supplied .tar file, leading to remote command injection.
Notes:
https://status.barracuda.com/incidents/34kx82j5n4q9; https://nvd.nist.gov/vuln/detail/CVE-2023-2868
Added on
2023-05-26
Action due date
2023-06-16
Exploit prediction scoring system (EPSS) score for CVE-2023-2868
90.10%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-2868
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
9.4
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L |
3.9
|
5.5
|
Google Inc. | |
|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2023-2868
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: cve-coordination@google.com (Secondary)
-
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-2868
-
https://status.barracuda.com/incidents/34kx82j5n4q9
Barracuda Networks Status - Barracuda identified a vulnerability (CVE-2023-2868) in our Email Security Gateway appliance (ESG) on May 19, 2023.Vendor Advisory
-
https://www.barracuda.com/company/legal/esg-vulnerability
Barracuda Email Security Gateway Appliance (ESG) VulnerabilityMitigation;Vendor Advisory
Jump to