Barracuda Announces a Zero-day Vulnerability in the ESG Product

Barracuda has disclosed a campaign by UNC4841, a China-nexus threat actor, against its Email Security Gateway (ESG) appliances.

The actor exploited a vulnerability in Spreadsheet::ParseExcel, a Perl library the ESG uses to scan spreadsheet attachments, by sending targeted appliances emails carrying crafted Excel attachments. Barracuda's investigation of the exploitation uncovered new malware deployed on the compromised ESG devices.

Barracuda tracks the ESG exposure as CVE-2023-7102. It has pushed a security update to ESG appliances to close the vulnerability, plus a further patch to the appliances that showed indicators of compromise (IOCs) from the attack, and has advised that customers need take no action at present. The underlying flaw, CVE-2023-7101, sits in the open-source Spreadsheet::ParseExcel library itself: unvalidated content from the spreadsheet reaches a string eval, which gives arbitrary code execution on whatever parses the file. Barracuda is only one of many users of that library, so any other product or script that bundles it remains exposed until it is updated, and organizations are advised to update to the latest version.
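Because CVE-2023-7101 is a bug class (data from the file reaching a Perl string eval) rather than a Barracuda-specific defect, it helps to see the pattern in the open. The following is an added illustration, not Barracuda's or Spreadsheet::ParseExcel's own code: a simplified stand-in for number-format handling in its vulnerable and hardened forms, with a constructed hostile format string, plus a check of the installed module's version. The fixed release number 0.66 used in that check is an assumption to confirm against the module's changelog.

```perl
#!/usr/bin/env perl
# Added illustration, not Spreadsheet::ParseExcel's or Barracuda's code: the
# bug class behind CVE-2023-7101 (data from the file reaching a string eval)
# and a safe replacement. The format-handling logic is a simplified stand-in.
use strict;
use warnings;

our $executed = 0;   # flipped by the constructed payload below to prove code ran

# VULNERABLE pattern: turn a number-format string read from the spreadsheet
# into Perl source, then run that source with a string eval.
sub unsafe_format {
    my ($fmt, $value) = @_;
    my $code = "my \@parts = split(/\\./, '$fmt'); "
             . "sprintf('%.' . length(\$parts[1] // '') . 'f', $value)";
    my $out = eval $code;          # whatever was in the file is now code
    return defined $out ? $out : "eval failed: $@";
}

# SAFE pattern: the format is data, never code. Accept only the subset we
# understand (digit placeholders, thousands separators, optional zero-padded
# decimals), reject everything else, and format with sprintf directly.
sub safe_format {
    my ($fmt, $value) = @_;
    return undef unless $fmt =~ /\A[#0,]+(?:\.(0+))?\z/;
    my $places = defined($1) ? length($1) : 0;
    return sprintf("%.${places}f", $value);
}

# Does this host carry a release of the real module that predates the fix?
# Assumption: 0.66 is the first fixed release; confirm against the module's
# changelog before relying on this number.
sub parse_excel_status {
    my $first_fixed = 0.66;
    return 'not installed' unless eval { require Spreadsheet::ParseExcel; 1 };
    my $v = Spreadsheet::ParseExcel->VERSION;
    return $v < $first_fixed ? "outdated ($v)" : "current ($v)";
}

# Constructed inputs: a legitimate Excel number format, and a hostile one that
# closes the quoted string and injects a statement before re-opening it.
my $legit   = '0.00';
my $hostile = q{'); $main::executed = 1; my $x = ('};

printf "unsafe('%s')   -> %s\n", $legit, unsafe_format($legit, 3.14159);
printf "unsafe(hostile) -> %s (executed=%d)\n", unsafe_format($hostile, 3.14159), $executed;
printf "safe('%s')     -> %s\n", $legit, safe_format($legit, 3.14159);
printf "safe(hostile)   -> %s\n", safe_format($hostile, 3.14159) // 'rejected';
printf "Spreadsheet::ParseExcel on this host: %s\n", parse_excel_status();
```

The hostile string only sets a variable, but it could equally call `system`; the point is that the vulnerable path hands the attacker the Perl interpreter, while the safe path rejects any format it cannot match against an allow-list and never constructs code. The version check is worth running on every host that parses spreadsheets with this module, not just on ESG appliances, since Barracuda's own patch covers only its product.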

This is of particular interest because it is the second zero-day vulnerability Barracuda has announced for this product within roughly six months. CVE-2023-2868 was disclosed in May 2023 with a patch released at the same time; the FBI subsequently warned that patched appliances remained at risk, as it continued to observe exploitation, and advised that compromised appliances be isolated and replaced.

That earlier exploitation was attributed to the same threat actor, which suggests that the product, or its customers, are of particular interest to this Chinese group. Organizations running ESG should therefore monitor for further activity against these vulnerabilities and for compromise of appliances that were not patched when the advisories were issued.

Barracuda's communication and investigative work on this issue have drawn praise from some in the industry.

With so many vulnerabilities announced each year, it can be hard to judge which are notable. This one warrants continued monitoring because of the targeted nature of the exploitation and the continuing risk from CVE-2023-7101 in other software that embeds the library.

Further information can be found in the company’s statement.
