A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape archives). The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl's qx operator with the privileges of the Email Security Gateway product. This issue was fixed as part of BNSF-36456 patch. This patch was automatically applied to all customer appliances.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:LBarracuda Email Security Gateway 300
HWBarracudawszystkie wersjeBarracuda Email Security Gateway 300 Firmware
OSBarracuda5.1.3.001 – 9.2.0.006Barracuda Email Security Gateway 400
HWBarracudawszystkie wersjeBarracuda Email Security Gateway 400 Firmware
OSBarracuda5.1.3.001 – 9.2.0.006Barracuda Email Security Gateway 600
HWBarracudawszystkie wersjeBarracuda Email Security Gateway 600 Firmware
OSBarracuda5.1.3.001 – 9.2.0.006Barracuda Email Security Gateway 800
HWBarracudawszystkie wersjeBarracuda Email Security Gateway 800 Firmware
OSBarracuda5.1.3.001 – 9.2.0.006Barracuda Email Security Gateway 900
HWBarracudawszystkie wersjeBarracuda Email Security Gateway 900 Firmware
OSBarracuda5.1.3.001 – 9.2.0.006
CISA KEV — detailsi
- Vendori
- Barracuda Networks
- Producti
- Email Security Gateway (ESG) Appliance
- Added to KEVi
- May 26, 2023
- Remediation deadline (US Federal)i
- June 16, 2023(overdue)
Apply updates per vendor instructions.
Barracuda Email Security Gateway (ESG) appliance contains an improper input validation vulnerability of a user-supplied .tar file, leading to remote command injection.
Related vulnerabilities
Wstrzyknięcie parametrów w Barracuda ESG przez podatną bibliotekę Spreadsheet-ParseExcel
Barracuda RMM — RCE przez deserializację .NET Remoting w Service Center
Barracuda RMM – RCE przez insecure reflection w Service Center
Barracuda RMM: path traversal i RCE przez niezweryfikowany URL w WSDL
Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leverag...