Barracuda identified a vulnerability (CVE-2023-2868) in our Email Security Gateway appliance (ESG) on May 19, 2023.
Subscribe
Update - Update on Email Security Gateway vulnerability previously identified on May 19, 2023, (https://nvd.nist.gov/vuln/detail/CVE-2023-2868) and Barracuda’s ongoing investigation. On May 30, 2023, Barracuda provided a Preliminary Summary of Key Findings which is available on our Trust Center here: (https://www.barracuda.com/company/legal/esg-vulnerability). This Preliminary Summary provides a timeline of events, key Indicators of Compromise (IOCs), and recommended actions for impacted customers.
We will continue actively monitoring of this situation, and we will be transparent in sharing details on what actions we are taking. Information gathering is ongoing as part of the investigation. We want to ensure we only share validated information with actionable steps for you to take. As we have information to share, we will provide updates via this product status page (https://status.barracuda.com) and direct outreach to impacted customers. Updates are also located on Barracuda’s Trust Center (https://www.barracuda.com/company/legal).
May 30, 2023 - 15:38 UTC
We will continue actively monitoring of this situation, and we will be transparent in sharing details on what actions we are taking. Information gathering is ongoing as part of the investigation. We want to ensure we only share validated information with actionable steps for you to take. As we have information to share, we will provide updates via this product status page (https://status.barracuda.com) and direct outreach to impacted customers. Updates are also located on Barracuda’s Trust Center (https://www.barracuda.com/company/legal).
May 30, 2023 - 15:38 UTC
Investigating - Barracuda identified a vulnerability (https://nvd.nist.gov/vuln/detail/CVE-2023-2868) in our Email Security Gateway appliance (ESG) on May 19, 2023. A security patch to eliminate the vulnerability was applied to all ESG appliances worldwide on Saturday, May 20, 2023. The vulnerability existed in a module which initially screens the attachments of incoming emails. No other Barracuda products, including our SaaS email security services, were subject to this vulnerability.
We took immediate steps to investigate this vulnerability. Based on our investigation to date, we’ve identified that the vulnerability resulted in unauthorized access to a subset of email gateway appliances. As part of our containment strategy, all ESG appliances have received a second patch on May 21, 2023. Users whose appliances we believe were impacted have been notified via the ESG user interface of actions to take. Barracuda has also reached out to these specific customers.
We will continue actively monitoring of this situation, and we will be transparent in sharing details on what actions we are taking. Information gathering is ongoing as part of the investigation. We want to ensure we only share validated information with actionable steps for you to take. As we have information to share, we will provide updates via this product status page (https://status.barracuda.com) and direct outreach to impacted customers. Updates are also located on Barracuda’s Trust Center (https://www.barracuda.com/company/legal).
Barracuda’s investigation was limited to the ESG product, and not the customer’s specific environment. Therefore, impacted customers should review their environments and determine any additional actions they want to take.
Your trust is important to us. We thank you for your understanding and support as we work through this issue and sincerely apologize for any inconvenience it may cause. If you have any questions, please reach out to support@barracuda.com.
May 23, 2023 - 20:28 UTC
We took immediate steps to investigate this vulnerability. Based on our investigation to date, we’ve identified that the vulnerability resulted in unauthorized access to a subset of email gateway appliances. As part of our containment strategy, all ESG appliances have received a second patch on May 21, 2023. Users whose appliances we believe were impacted have been notified via the ESG user interface of actions to take. Barracuda has also reached out to these specific customers.
We will continue actively monitoring of this situation, and we will be transparent in sharing details on what actions we are taking. Information gathering is ongoing as part of the investigation. We want to ensure we only share validated information with actionable steps for you to take. As we have information to share, we will provide updates via this product status page (https://status.barracuda.com) and direct outreach to impacted customers. Updates are also located on Barracuda’s Trust Center (https://www.barracuda.com/company/legal).
Barracuda’s investigation was limited to the ESG product, and not the customer’s specific environment. Therefore, impacted customers should review their environments and determine any additional actions they want to take.
Your trust is important to us. We thank you for your understanding and support as we work through this issue and sincerely apologize for any inconvenience it may cause. If you have any questions, please reach out to support@barracuda.com.
May 23, 2023 - 20:28 UTC
Emails re-scanned and re-processed on Email Gateway Defense (EGD) due to spam scoring logic correction
Subscribe
Monitoring - As previously indicated, at approximately 15:09pm UTC on May 22, 2023, a routine update to Email Gateway Defense's (EGD) spam scoring logic inadvertently caused customers' email scores to be increased by 2.9 points. This unfortunately led to a significant amount of email messages to be blocked as false positives. The spam rule update was reverted, however a large number of users needed to sign onto EGD redeliver their incorrectly blocked messages.
Since then, Barracuda has worked to re-scan and re-process all emails that were incorrectly blocked (false positives), with the exception of emails where customers have since taken their own subsequent actions such as redelivery, deletion, etc. Our re-processing procedure, with these noted omissions, has now completed. If customers believe that our corrective actions have not fully resolved this issue, they are requested to contact Barracuda Customer Support. Again, we apologize for the inconvenience this issue has caused.
May 29, 2023 - 23:42 UTC
Since then, Barracuda has worked to re-scan and re-process all emails that were incorrectly blocked (false positives), with the exception of emails where customers have since taken their own subsequent actions such as redelivery, deletion, etc. Our re-processing procedure, with these noted omissions, has now completed. If customers believe that our corrective actions have not fully resolved this issue, they are requested to contact Barracuda Customer Support. Again, we apologize for the inconvenience this issue has caused.
May 29, 2023 - 23:42 UTC
Investigating - We are aware that some customers have received erroneous license violation emails from WAF-as-a-Service. Please ignore them, these are in error and no customer will have any licenced features deactivated. We have already stopped further emails from being sent. We are now investigating the cause and will update once this has been identified and resolved.
Mar 23, 2023 - 15:06 UTC
Mar 23, 2023 - 15:06 UTC
Appliance Control
Operational
Web Interface
?
Operational
Device Connections
Operational
Cloud backups
Operational
Appliance Updates
Operational
Backup Service
Operational
Web Interface
Operational
Email Alerts / Reports
Operational
Offsite Transfers
Operational
Cloud to Cloud Backup
Operational
Web Interface
Operational
Office 365 Integration
Operational
Cloud to Cloud Backups
Operational
BarracudaCentral.org
Operational
Cloud Archiving Service
Operational
Web Interface
Operational
End-user Access
Operational
Mail Processing
Operational
Exchange Integration
Operational
PST Import
Operational
Retention
Operational
Cloud Control
Operational
CloudGen Access
Operational
API EU
Operational
API US
Operational
Enterprise Console EU
Operational
Enterprise Console US
Operational
CloudGen Firewall
Operational
Advanced Threat Protection
Operational
Web Categorization Service
Operational
Download Portal
?
Operational
Licensing
Operational
Zero Touch Deployment (ZTD)
?
Operational
SecureEdge
Operational
Zero Touch Deployment (ZTD)
Operational
Configuration Service
Operational
Advanced Threat Protection
Operational
Web Categorization Service
Operational
Download Portal
Operational
Licensing
Operational
Cloud Protection Layer for ESG
?
Operational
Cloud Security Guardian
Operational
Web UI
Operational
Scan Engine
Operational
Content Shield
Operational
US - Web Interface
Operational
US - Content Filtering
Operational
EU - Web Interface
Operational
EU - Content Filtering
Operational
Corporate Website
Operational
Campus
Operational
Blog
Operational
www
Operational
Community
Operational
ECHOplatform
Operational
Email Gateway Defense
Operational
Mail Delivery
?
Operational
User Interface
?
Operational
Impersonation Protection (formerly Sentinel)
Operational
Email Processing
Operational
Dashboard UI
Operational
Incident Response
Operational
Dashboard UI
Operational
Email Processing
Operational
Message Archiver
Operational
Cloud Replication
Operational
Cloud Federated Search
Operational
View - Cloud Email Archive
Operational
EMEA | nest1-view-eu | viewarchive.co.uk
?
Operational
APAC | nest1-view-au | au.viewarchive.com
?
Operational
US | nest1-view-us | viewarchive.com
?
Operational
US | im1-view-us |
?
Operational
US | rack1-view-us |
?
Operational
Vulnerability Manager/Vulnerability Remediation Service
Operational
User Interface
?
Operational
Scan Engine
?
Operational
Web Security Service
Operational
Management Web UI
Operational
Traffic Processing
Operational
WSA Service Test
Operational
WAF Active DDoS Prevention Service
?
Operational
Management Web UI
Operational
Traffic Flow
Operational
WAF-as-a-Service
Operational
Configuration Propagation
?
Operational
Traffic Processing
?
Operational
Management Web UI
Operational
XDR
Operational
XDR Dashboard
Operational
XDR Service
Operational
Email Security Gateway Appliance
Operational
Email Processing
Operational
Operational
Degraded Performance
Partial Outage
Major Outage
Maintenance
Major outage
Partial outage
No downtime recorded on this day.
No data exists for this day.
had a major outage.
had a partial outage.