Barracuda security advisory (AV23-300) - Update 1

Serial number: AV23-300
Date: May 31, 2023
Updated: June 15, 2023

Between May 23 and 30, 2023, Barracuda published security advisories to address a critical vulnerability VulnerabilityA flaw or weakness in the design or implementation of an information system or its environment that could be exploited to adversely affect an organization's assets or operations. in the following product:

• Barracuda Email Security Gateway Appliance – versions 5.1.3.001 to 9.2.0.006

Barracuda has indicated that CVE-2023-2868 has been actively exploited.

Update 1

On June 15, 2023, Barracuda updated their advisory related to vulnerability CVE-2023-2868. Included within the advisory were references to a security blog published by Mandiant that provided a detailed analysis of the reported activity, indicators of compromise CompromiseThe intentional or unintentional disclosure of information, which adversely impacts its confidentiality, integrity, or availability. (IOCs) and network and file-based signatures that organizations can leverage for their network defences.

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• Mandiant Barracuda ESG exploited globally
• Barracuda security notices