Barracuda says exchange your "Email Security Gateway Appliance (ESG)" immediately

Sicherheit (Pexels, allgemeine Nutzung)[German]Another short topic, which has been a bit delayed due to holidays. The manufacturer Barracuda is asking administrators of its Email Security Gateway Appliance (ESG) to replace the devices immediately. The background is a vulnerability in the ESG models, which was supposed to be patched at the end of May 2023. However, this does not seem to be working and the manufacturer is calling for replacement.


Vulnerability in Barracuda ESGs

I had reported in the blog post Barracuda warns of attacks on email gateways via 0-day vulnerability (May 19, 2023) about a warning from vendor Barracuda in its Email Security Gateway Appliance (ESG). The vulnerability was discovered after an attack on May 19, 2023. The vendor released security updates to close this vulnerability on the affected appliances on May 20 and 21, 2023. However, these updates do not appear to have had the hoped-for success.

Barracuda calls for appliance replacement

Meanwhile, someone in tthis comment referred to the Barracuda announcement Barracuda Email Security Gateway Appliance (ESG) Vulnerability from June 6, 2023. It states:

ACTION NOTICE: Impacted ESG appliances must be immediately replaced regardless of patch version level. If you have not replaced your appliance after receiving notice in your UI, contact support now (

Barracuda's remediation recommendation at this time is full replacement of the impacted ESG.

Cookies helps to fund this blog: Cookie settings

This entry was posted in issue, Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *