Barracuda Networks advises customers to replace compromised Email Security Gateway (ESG) appliances immediately, even if they have installed all available patches. On May 18, Barracuda became aware of attacks targeting its ESG appliances. The following day, the company discovered the attacks exploiting a previously unknown vulnerability (CVE-2023-2868).
Barracuda promptly developed patches and scripts to mitigate the attack, which was subsequently released. Initially, impacted customers were advised to ensure that their appliances had received all updates, definitions, and security patches.