Technology

Barracuda fixes new ESG zero-day exploited by Chinese hackers

December 29, 2023

Cybersecurity experts from Barracuda recently discovered and patched a high-severity vulnerability in some of its email security gateway (ESG) devices.

The flaw, tracked as CVE-2023-7102, is an Arbitrary Code Execution (ACE) vulnerability found inside a third-party library called Spreadsheet::ParseExcel. This library is used by the Amavis virus scanner, within the ESG appliance, the experts said. By crafting a custom Excel attachment, the attackers would able to exploit the flaw and run pretty much any code on the vulnerable device, unabated.

Together with Mandiant, Barracuda’s researchers concluded that the flaw was being leveraged by a Chinese threat actor tracked as UNC4841. This group has been using the ACE flaw to drop new variants of SEASPY and SALTWATER malware.

Open source in danger

“On December 22, 2023, Barracuda deployed a patch to remediate compromised ESG appliances which exhibited indicators of compromise related to the newly identified malware variants,” the company said in an announcement. No action from the user’s side is required, Barracuda concluded, adding that its investigation into the matter is ongoing.

While Barracuda did address the issue within its own ecosystem, the open-source library remains vulnerable, the company stressed. “For organizations utilizing Spreadsheet::ParseExcel in their own products or services, we recommend reviewing CVE-2023-7101 and promptly taking necessary remediation measures,” it concluded.

This is not the first time Barracuda’s ESG appliances were targeted by UNC4841, BleepingComputer reminds. In May, the group used another zero-day vulnerability, CVE-2023-2868, as part of its cyber-espionage campaign. At the time, the company said the hackers were abusing the flaw for more than half a year, and were deploying previously unknown malware. Roughly a third of all targeted endpoints belonged to government agencies, Mandiant confirmed.

Barracuda claims to be servicing more than 200,000 organizations all over the world, including major brands such as Samsung, Mitsubishi, or Delta Airlines.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

LEAVE A REPLY Cancel reply

EDITOR PICKS

POPULAR POSTS

QUICK LINKS

ABOUT US

FOLLOW US

Cookie bar