Barracuda Warns ESG Appliances Need Urgent Rip & Replace

Published: 23/11/2024   Category: security


Patching, wiping ESG devices not enough to deny threat actor access following compromise, Barracuda says.



UPDATE
Despite pushing out patches addressing vulnerabilities in its Email Security Gateway (ESG) appliances in May, today Barracuda issued an urgent warning that all affected devices need to be taken offline and replaced immediately.
The ESG remote command injection vulnerability, tracked under CVE-2023-2868, had been under active exploitation since October 2022, Barracuda said in its initial May 30 disclosure. A patch was released on May 20, but by June 6 it was determined that the patch and subsequent script pushed out to counter unauthorized access weren't enough to secure impacted ESG devices, according to the advisory.
Barracuda determined some infected devices maintained persistent backdoor access, with some presenting evidence of data exfiltration, even after patching.
A statement provided to Dark Reading from Barracuda said only 5% of active ESG appliances show indicators of compromise.
"Despite deployment of additional patches based on known IOCs, we continue to see evidence of ongoing malware activity on a subset of the compromised appliances," Barracuda's statement provided to Dark Reading said. "Therefore, we would like customers to replace any compromised appliance with a new unaffected device."
Barracuda added that it is providing replacement devices at no cost to its customers.
Mike Parkin, senior technical engineer with Vulcan Cyber, explained in a statement provided to Dark Reading that he suspects the threat actors found a way to make changes deep in the device firmware.
"By replacing the kit, Barracuda can be absolutely sure they've eradicated a potential compromise in customer environments," Parkin explained. "This is only an educated guess based on the timeline and their reaction."
Parkin added that customers should take Barracuda's warning seriously.
"If Barracuda is telling them to take it out of service now, a replacement is on the way, then they should probably do exactly that," Parkin added. "If a vendor tells you to pull a system out of service based on their own security advisory, why argue?"
This post was updated Friday at 2 p.m. ET with statements from Barracuda.
