clayton@site:~/news$ cat cve-2023-2868-barracuda-networks-email-security-gateway-esg-appliance.log

CVE-2023-2868 — Barracuda Networks ESG Appliance Improper Input Validation Vulnerability

2023-05-26 • CISA Known Exploited Vulnerability

[event] Barracuda Email Security Gateway (ESG) appliance contains an improper input validation vulnerability of a user-supplied .tar file, leading to remote command injection.

> AFFECTED SOFTWARE

Field	Value
Vendor	Barracuda Networks
Product	Email Security Gateway (ESG) Appliance
CWE	CWE-20
CVE ID	CVE-2023-2868
Date Added	2023-05-26
Due Date	2023-06-16
Ransomware Campaign	Unknown

> MITIGATION

Apply updates per vendor instructions.

Due Date: 2023-06-16

> REFERENCES

[1] https://status.barracuda.com/incidents/34kx82j5n4q9
[2] https://nvd.nist.gov/vuln/detail/CVE-2023-2868