[German]Another short topic, which has been a bit delayed due to holidays. The manufacturer Barracuda is asking administrators of its Email Security Gateway Appliance (ESG) to replace the devices immediately. The background is a vulnerability in the ESG models, which was supposed to be patched at the end of May 2023. However, this does not seem to be working and the manufacturer is calling for replacement.
Vulnerability in Barracuda ESGs
I had reported in the blog post Barracuda warns of attacks on email gateways via 0-day vulnerability (May 19, 2023) about a warning from vendor Barracuda in its Email Security Gateway Appliance (ESG). The vulnerability was discovered after an attack on May 19, 2023. The vendor released security updates to close this vulnerability on the affected appliances on May 20 and 21, 2023. However, these updates do not appear to have had the hoped-for success.
Barracuda calls for appliance replacement
Meanwhile, someone in tthis comment referred to the Barracuda announcement Barracuda Email Security Gateway Appliance (ESG) Vulnerability from June 6, 2023. It states:
ACTION NOTICE: Impacted ESG appliances must be immediately replaced regardless of patch version level. If you have not replaced your appliance after receiving notice in your UI, contact support now (email@example.com).
Barracuda's remediation recommendation at this time is full replacement of the impacted ESG.
Cookies helps to fund this blog: Cookie settings