WORDS
| CVSS | |
|---|---|
| DESCRIPTION | A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape archives). The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl's qx operator with the privileges of the Email Security Gateway product. This issue was fixed as part of BNSF-36456 patch. This patch was automatically applied to all customer appliances. |
| HEAT SCORE | 127 |
| DATE | TWEETS | USER |
|---|---|---|
| 2023-05-29 13:00:36 | CVE-2023-2868 is a remote command injection vulnerability in the Barracuda ESG appliance. The vulnerability exists… https://t.co/iFqnkeaxS5 https://twitter.com/i/web/status/1663167151388217346 | PhishNewsMedia |
| 2023-05-28 16:41:19 | CISAの悪用が確認されている脆弱性に1件の追加。 追加されたのは、Barracuda Email Security Gatewayの.tarファイル処理におけるインジェクションの脆弱性(CVE-2023-2868)です。 影… https://t.co/GvswxpicD4 https://twitter.com/i/web/status/1662860351292198918 | ntsuji |
| 2023-05-28 13:00:15 | Top 3 trending CVEs on Twitter Past 24 hrs: CVE-2023-2868: 333.7K (audience size) CVE-2023-28771: 330.2K CVE-2023-… https://t.co/MH1LGCpdt7 https://twitter.com/i/web/status/1662805934366760960 | CVEtrends |
| 2023-05-27 20:00:15 | CVE-2023-2868 Baracuda e-type storrage RCE in perl operator. Промышленная бигдата в опасности, внимание… https://t.co/6aD1PCJEmC https://twitter.com/i/web/status/1662547818542772225 | bytecodevm |
| 2023-05-27 13:00:12 | Top 3 trending CVEs on Twitter Past 24 hrs: CVE-2023-2868: 678.7K (audience size) CVE-2023-2825: 177.9K CVE-2023-2… https://t.co/iS5z6VDR6E https://twitter.com/i/web/status/1662443547771957248 | CVEtrends |
| 2023-05-26 23:20:32 | Barracuda NetworksのEmail Security Gatewayアプライアンスの脆弱性(CVE-2023-2868)、CISAのカタログに追加。リモートからシステムコマンドの実行が可能な脆弱性で、パッチは今週初め… https://t.co/dZvMpsJZhJ https://twitter.com/i/web/status/1662236795172470785 | ishizuki |
| 2023-05-26 22:31:05 | #Vulnerability #CISA CISA Adds CVE-2023-2868 Vulnerability to KEV Catalog https://t.co/E5MWVmoOeg https://securityonline.info/cisa-adds-cve-2023-2868-vulnerability-to-kev-catalog/?utm_source=dlvr.it&utm_medium=twitter | Komodosec |
| 2023-05-26 22:00:16 | - CVE-2023-2868 Barracuda Networks ESG Appliance Improper Input Validation Vulnerability | foxbook |
| 2023-05-26 18:36:29 | CVE-2023-2868 - Barracuda Networks ESG Appliance Improper Input Validation Vulnerability has been added to the KEV catalog. | KEV_bot_1 |
| 2023-05-26 18:30:59 | CISA Adds CVE-2023-2868 Vulnerability to KEV Catalog https://t.co/jrjkplKRnh #infosec #security #pentesting https://securityonline.info/cisa-adds-cve-2023-2868-vulnerability-to-kev-catalog/ | the_yellow_fall |
| 2023-05-26 17:20:47 | 🚧 @CISAgov added #CVE-2023-2868 to the Known Exploited Vulnerabilities Catalog. Keep up with 🆕 additions & protect… https://t.co/JSw4ieZI8q https://twitter.com/i/web/status/1662145459756974094 | CISACyber |
| 2023-05-26 14:42:12 | 🔒 Alert: Barracuda warns of zero-day exploit targeting Email Security Gateway (ESG) appliances. CVE-2023-2868 allow… https://t.co/DXDq8X3Wzh https://twitter.com/i/web/status/1662105498563547136 | Intect6 |
| 2023-05-26 06:10:20 | Barracuda identified a vulnerability (CVE-2023-2868) in our Email Security Gateway appliance (ESG) https://t.co/R9CY8qPSPM https://status.barracuda.com/incidents/34kx82j5n4q9 | _r_netsec |
| 2023-05-26 05:00:13 | Secure your network immediately! Barracuda warns of zero-day flaw tracked as CVE-2023-2868 that affects versions 5.… https://t.co/1n1qdm9F1b https://twitter.com/i/web/status/1661959310778458113 | 0xedeon |
| 2023-05-26 02:20:27 | Zero-Day Vulnerability CVE-2023-2868 Exploited to Hack Barracuda Email Security Gateway Appliances https://t.co/toDnDnpojc https://www.securityweek.com/zero-day-vulnerability-exploited-to-hack-barracuda-email-security-gateway-appliances/ | SecurityWeek |
| 2023-05-26 02:20:12 | SecurityWeek: Zero-Day Vulnerability CVE-2023-2868 Exploited to Hack Barracuda Email Security Gateway Appliances https://t.co/jCr9ImeyR1 https://www.securityweek.com/zero-day-vulnerability-exploited-to-hack-barracuda-email-security-gateway-appliances/ | MrsYisWhy |
| 2023-05-25 17:33:18 | CVE-2023-2868, a zero-day exploited to hack some Email Security Gateway (ESG) appliances. https://t.co/L5YagYqslW f… https://t.co/o66HlBqRfA https://status.barracuda.com/ https://twitter.com/i/web/status/1661785966011461636 | emailmp |
| 2023-05-25 13:14:14 | Top 3 trending CVEs on Twitter Past 24 hrs: CVE-2023-2868: 556.6K (audience size) CVE-2023-28274: 412.3K CVE-2023-… https://t.co/Fl1ZKN5SQP https://twitter.com/i/web/status/1661718770895712256 | CVEtrends |
| 2023-05-25 11:51:17 | Barracuda email #security appliances #hacked via zero-day #vulnerability (CVE-2023-2868) https://t.co/WfRqkoGV26 #HelpNetSecurity https://www.helpnetsecurity.com/2023/05/25/cve-2023-2868/ | SecurityNewsbot |
| 2023-05-25 11:42:05 | #Barracuda identified a vulnerability (CVE-2023-2868) in our Email Security Gateway appliance (#ESG) on May 19, 202… https://t.co/f6ziG0sDgQ https://twitter.com/i/web/status/1661697874244120576 | domineefh |
| 2023-05-25 11:41:22 | Barracuda email security appliances hacked via zero-day vulnerability (CVE-2023-2868) #cybersecuritynews #netsec… https://t.co/3YtlRfF0kW https://twitter.com/i/web/status/1661698012886999041 | Xc0resecurity |
| 2023-05-25 11:21:09 | Barracuda email security appliances hacked via zero-day vulnerability (CVE-2023-2868) https://t.co/r1IzrBICWh https://www.itsecuritynews.info/barracuda-email-security-appliances-hacked-via-zero-day-vulnerability-cve-2023-2868/ | IT_securitynews |
| 2023-05-25 10:55:46 | Barracuda email security appliances hacked via zero-day vulnerability (CVE-2023-2868): A vulnerability (CVE-2023-28… https://t.co/IsPoD4xwz5 https://twitter.com/i/web/status/1661684679131684864 | cipherstorm |
| 2023-05-25 10:55:21 | Barracuda email security appliances hacked via zero-day vulnerability (CVE-2023-2868) #HelpNetSecurity… https://t.co/fbSHFQ0711 https://twitter.com/i/web/status/1661684809188642819 | PoseidonTPA |
| 2023-05-25 10:54:06 | Barracuda email security appliances hacked via zero-day vulnerability (CVE-2023-2868) https://t.co/aJTpMypsAL… https://t.co/2FZgrqIq8A https://ift.tt/8NwpiTS https://twitter.com/i/web/status/1661684843065778176 | SK_Expert |
| 2023-05-25 10:20:48 | Barracuda Networks is warning customers about CVE-2023-2868, a zero-day exploited to hack some Email Security Gatew… https://t.co/nAZ42HpETW https://twitter.com/i/web/status/1661677991024529408 | EduardKovacs |
| 2023-05-25 10:00:58 | Barracuda email security appliances hacked via zero-day vulnerability (CVE-2023-2868): A vulnerability (CVE-2023-28… https://t.co/0QKpVTNmPp https://twitter.com/i/web/status/1661671720837849088 | shah_sheikh |
| 2023-05-25 10:00:49 | Barracuda email security appliances hacked via zero-day vulnerability (CVE-2023-2868) - https://t.co/auQIRHssbA -… https://t.co/egjlbNi61j https://www.helpnetsecurity.com/2023/05/25/cve-2023-2868/ https://twitter.com/i/web/status/1661672481030041600 | helpnetsecurity |
| 2023-05-25 10:00:41 | Zero-Day Vulnerability CVE-2023-2868 Exploited to Hack Barracuda Email Security Gateway Appliances https://t.co/toDnDnoQtE https://www.securityweek.com/zero-day-vulnerability-exploited-to-hack-barracuda-email-security-gateway-appliances/ | SecurityWeek |
| 2023-05-25 10:00:22 | SecurityWeek: Zero-Day Vulnerability CVE-2023-2868 Exploited to Hack Barracuda Email Security Gateway Appliances https://t.co/jCr9ImeyR1 https://www.securityweek.com/zero-day-vulnerability-exploited-to-hack-barracuda-email-security-gateway-appliances/ | MrsYisWhy |
| 2023-05-25 08:32:25 | CVE-2023-2868 : BARRACUDA EMAIL SECURITY GATEWAY UP TO 9.2.0.006 TAR FILE COMMAND INJECTION https://t.co/IXDFfG8gns https://prophaze.com/cve/cve-2023-2868/ | prophaze |
| 2023-05-25 06:11:20 | CVE-2023-2868 (CVSS:9.4, CRITICAL) is Received. A remote command injection vulnerability exists in the Barracuda Em… https://t.co/mfsebAD7ux https://twitter.com/i/web/status/1661613144312250368 | cracbot |
| 2023-05-25 03:40:14 | Barracuda Email Security Gatewayアプライアンスのゼロデイ脆弱性(CVE-2023-2868)が開示された。5/20-21修正。被害規模は明らかにされていない。NISTによると、ユーザから提示されたT… https://t.co/rLtj7jkCYH https://twitter.com/i/web/status/1661576822474305537 | __kokumoto |
| 2023-05-24 20:21:48 | New post from https://t.co/uXvPWJy6tj (CVE-2023-2868) has been published on https://t.co/iYq5vGzIfI http://www.sesin.at https://www.sesin.at/2023/05/24/cve-2023-2868/ | WolfgangSesin |
| 2023-05-24 20:21:30 | New post from https://t.co/9KYxtdZjkl (CVE-2023-2868) has been published on https://t.co/TcrnamhBA2 http://www.sesin.at https://www.sesin.at/2023/05/24/cve-2023-2868/ | www_sesin_at |
| 2023-05-24 20:21:11 | New post from https://t.co/uXvPWJy6tj (CVE-2023-2868 | Barracuda Email Security Gateway up to 9.2.0.006 TAR File co… https://t.co/VXJLBRQbS8 http://www.sesin.at https://twitter.com/i/web/status/1661466051140354048 | WolfgangSesin |
| 2023-05-24 20:20:54 | New post from https://t.co/9KYxtdZjkl (CVE-2023-2868 | Barracuda Email Security Gateway up to 9.2.0.006 TAR File co… https://t.co/XvroND9bjE http://www.sesin.at https://twitter.com/i/web/status/1661466053283569665 | www_sesin_at |
| 2023-05-24 19:41:37 | #BarracudaESG Alert! A zero-day vulnerability (CVE-2023-2868) was exploited and has been patched. If impacted, chec… https://t.co/l1TiV8B0CO https://twitter.com/i/web/status/1661455045051793408 | mstfknn |
| 2023-05-24 19:40:40 | Barracuda identificó una vulnerabilidad (CVE-2023-2868) en nuestro dispositivo Email Security Gateway (ESG) -… https://t.co/kyfZ1GBr2a https://twitter.com/i/web/status/1661456413439283215 | luiscosio |
| 2023-05-24 19:13:04 | CVE-2023-2868 A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance fo… https://t.co/qnqG8saq9v https://twitter.com/i/web/status/1661447067351367680 | CVEnew |