Barracuda has discovered during an ongoing investigation that a threat actor is exploiting the CVE-2023-7102 vulnerability in the Barracuda Email Security Gateway Appliance (ESG). The use of a third-party library led to this vulnerability, which affected Barracuda ESG appliance versions from 5.1.3.001 to 9.2.1.001. Barracuda provided a security update for all active ESGs on December 21, 2023 to address the ACE vulnerability.
In its security advisory "Barracuda Email Security Gateway Appliance (ESG) Vulnerability", Barracuda describes the ESG vulnerability CVE-2023-7102, found during an ongoing investigation. A threat actor exploited this arbitrary code execution (ACE) vulnerability in a third-party library, Spreadsheet::ParseExcel, using a specially crafted Excel email attachment to target a limited number of ESG devices. Spreadsheet::ParseExcel is an open source library used by the Amavis virus scanner within the ESG appliance.
Barracuda, in collaboration with Mandiant, believes that this is continued activity by the China-nexus actor tracked as UNC4841. The vulnerability has received a CVSSv2 score of 7.5 and a CVSSv3 score of 8.8. Barracuda ESG appliance versions from 5.1.3.001 to 9.2.1.001 were affected.
On December 21, 2023, Barracuda deployed a security update to all active ESGs to address the ACE vulnerability in Spreadsheet::ParseExcel. The security update was applied automatically and requires no customer intervention.
Following the exploitation of the ACE vulnerability (CVE-2023-7102) by UNC4841, Barracuda has observed new variants of the SEASPY and SALTWATER malware deployed on a limited number of ESG devices. On December 22, 2023, Barracuda deployed a patch to remediate ESG devices that showed signs of compromise associated with the newly identified malware variants.