Update - Update on Email Security Gateway vulnerability previously identified on May 19, 2023, (https://nvd.nist.gov/vuln/detail/CVE-2023-2868) and Barracuda’s ongoing investigation. On May 30, 2023, Barracuda provided a Preliminary Summary of Key Findings which is available on our Trust Center here: (https://www.barracuda.com/company/legal/esg-vulnerability). This Preliminary Summary provides a timeline of events, key Indicators of Compromise (IOCs), and recommended actions for impacted customers.

We will continue actively monitoring of this situation, and we will be transparent in sharing details on what actions we are taking. Information gathering is ongoing as part of the investigation. We want to ensure we only share validated information with actionable steps for you to take. As we have information to share, we will provide updates via this product status page (https://status.barracuda.com) and direct outreach to impacted customers. Updates are also located on Barracuda’s Trust Center (https://www.barracuda.com/company/legal).

May 30, 2023 - 15:38 UTC
Investigating - Barracuda identified a vulnerability (https://nvd.nist.gov/vuln/detail/CVE-2023-2868) in our Email Security Gateway appliance (ESG) on May 19, 2023. A security patch to eliminate the vulnerability was applied to all ESG appliances worldwide on Saturday, May 20, 2023. The vulnerability existed in a module which initially screens the attachments of incoming emails. No other Barracuda products, including our SaaS email security services, were subject to this vulnerability.

We took immediate steps to investigate this vulnerability. Based on our investigation to date, we’ve identified that the vulnerability resulted in unauthorized access to a subset of email gateway appliances. As part of our containment strategy, all ESG appliances have received a second patch on May 21, 2023. Users whose appliances we believe were impacted have been notified via the ESG user interface of actions to take. Barracuda has also reached out to these specific customers.

We will continue actively monitoring of this situation, and we will be transparent in sharing details on what actions we are taking. Information gathering is ongoing as part of the investigation. We want to ensure we only share validated information with actionable steps for you to take. As we have information to share, we will provide updates via this product status page (https://status.barracuda.com) and direct outreach to impacted customers. Updates are also located on Barracuda’s Trust Center (https://www.barracuda.com/company/legal).

Barracuda’s investigation was limited to the ESG product, and not the customer’s specific environment. Therefore, impacted customers should review their environments and determine any additional actions they want to take.

Your trust is important to us. We thank you for your understanding and support as we work through this issue and sincerely apologize for any inconvenience it may cause. If you have any questions, please reach out to support@barracuda.com.

May 23, 2023 - 20:28 UTC
Monitoring - As previously indicated, at approximately 15:09pm UTC on May 22, 2023, a routine update to Email Gateway Defense's (EGD) spam scoring logic inadvertently caused customers' email scores to be increased by 2.9 points. This unfortunately led to a significant amount of email messages to be blocked as false positives. The spam rule update was reverted, however a large number of users needed to sign onto EGD redeliver their incorrectly blocked messages.
Since then, Barracuda has worked to re-scan and re-process all emails that were incorrectly blocked (false positives), with the exception of emails where customers have since taken their own subsequent actions such as redelivery, deletion, etc. Our re-processing procedure, with these noted omissions, has now completed. If customers believe that our corrective actions have not fully resolved this issue, they are requested to contact Barracuda Customer Support. Again, we apologize for the inconvenience this issue has caused.

May 29, 2023 - 23:42 UTC
Investigating - We are aware that some customers have received erroneous license violation emails from WAF-as-a-Service. Please ignore them, these are in error and no customer will have any licenced features deactivated. We have already stopped further emails from being sent. We are now investigating the cause and will update once this has been identified and resolved.
Mar 23, 2023 - 15:06 UTC
Appliance Control Operational
90 days ago
99.97 % uptime
Today
Web Interface ? Operational
90 days ago
99.97 % uptime
Today
Device Connections Operational
Cloud backups Operational
Appliance Updates Operational
Backup Service Operational
Web Interface Operational
Email Alerts / Reports Operational
Offsite Transfers Operational
Cloud to Cloud Backup Operational
90 days ago
100.0 % uptime
Today
Web Interface Operational
Office 365 Integration Operational
Cloud to Cloud Backups Operational
90 days ago
100.0 % uptime
Today
BarracudaCentral.org Operational
Cloud Archiving Service Operational
Web Interface Operational
End-user Access Operational
Mail Processing Operational
Exchange Integration Operational
PST Import Operational
Retention Operational
Cloud Control Operational
CloudGen Access Operational
90 days ago
100.0 % uptime
Today
API EU Operational
90 days ago
100.0 % uptime
Today
API US Operational
90 days ago
100.0 % uptime
Today
Enterprise Console EU Operational
90 days ago
100.0 % uptime
Today
Enterprise Console US Operational
90 days ago
100.0 % uptime
Today
CloudGen Firewall Operational
Advanced Threat Protection Operational
Web Categorization Service Operational
Download Portal ? Operational
Licensing Operational
Zero Touch Deployment (ZTD) ? Operational
SecureEdge Operational
90 days ago
100.0 % uptime
Today
Zero Touch Deployment (ZTD) Operational
90 days ago
100.0 % uptime
Today
Configuration Service Operational
90 days ago
100.0 % uptime
Today
Advanced Threat Protection Operational
90 days ago
100.0 % uptime
Today
Web Categorization Service Operational
90 days ago
100.0 % uptime
Today
Download Portal Operational
90 days ago
100.0 % uptime
Today
Licensing Operational
90 days ago
100.0 % uptime
Today
Cloud Protection Layer for ESG ? Operational
Cloud Security Guardian Operational
90 days ago
100.0 % uptime
Today
Web UI Operational
90 days ago
100.0 % uptime
Today
Scan Engine Operational
90 days ago
100.0 % uptime
Today
Content Shield Operational
90 days ago
100.0 % uptime
Today
US - Web Interface Operational
90 days ago
100.0 % uptime
Today
US - Content Filtering Operational
90 days ago
100.0 % uptime
Today
EU - Web Interface Operational
90 days ago
100.0 % uptime
Today
EU - Content Filtering Operational
90 days ago
100.0 % uptime
Today
Corporate Website Operational
Campus Operational
Blog Operational
www Operational
Community Operational
ECHOplatform Operational
Email Gateway Defense Operational
90 days ago
99.93 % uptime
Today
Mail Delivery ? Operational
90 days ago
100.0 % uptime
Today
User Interface ? Operational
90 days ago
99.87 % uptime
Today
Impersonation Protection (formerly Sentinel) Operational
Email Processing Operational
Dashboard UI Operational
Incident Response Operational
Dashboard UI Operational
Email Processing Operational
Message Archiver Operational
Cloud Replication Operational
Cloud Federated Search Operational
View - Cloud Email Archive Operational
EMEA | nest1-view-eu | viewarchive.co.uk ? Operational
APAC | nest1-view-au | au.viewarchive.com ? Operational
US | nest1-view-us | viewarchive.com ? Operational
US | im1-view-us | ? Operational
US | rack1-view-us | ? Operational
Vulnerability Manager/Vulnerability Remediation Service Operational
User Interface ? Operational
Scan Engine ? Operational
Web Security Service Operational
Management Web UI Operational
Traffic Processing Operational
WSA Service Test Operational
WAF Active DDoS Prevention Service ? Operational
Management Web UI Operational
Traffic Flow Operational
WAF-as-a-Service Operational
Configuration Propagation ? Operational
Traffic Processing ? Operational
Management Web UI Operational
XDR Operational
90 days ago
100.0 % uptime
Today
XDR Dashboard Operational
90 days ago
100.0 % uptime
Today
XDR Service Operational
90 days ago
100.0 % uptime
Today
Email Security Gateway Appliance Operational
90 days ago
100.0 % uptime
Today
Email Processing Operational
90 days ago
100.0 % uptime
Today
Operational
Degraded Performance
Partial Outage
Major Outage
Maintenance
Major outage
Partial outage
No downtime recorded on this day.
No data exists for this day.
had a major outage.
had a partial outage.
Past Incidents
Jun 7, 2023

No incidents reported today.

Jun 6, 2023

No incidents reported.

Jun 5, 2023
Completed - The scheduled maintenance has been completed.
Jun 5, 15:00 UTC
In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary.
Jun 5, 11:00 UTC
Scheduled - We are adding new features to the SecureEdge platform. No downtime is expected during the update and site devices will be unaffected during this process
May 24, 10:57 UTC
Jun 4, 2023

No incidents reported.

Jun 3, 2023

No incidents reported.

Jun 2, 2023

No incidents reported.

Jun 1, 2023

No incidents reported.

May 31, 2023
Resolved - This incident has been resolved.
May 31, 04:56 UTC
Monitoring - A fix has been implemented and we are monitoring the results.
May 30, 17:57 UTC
Investigating - We are currently experiencing a service outage in Appliance Control “Web Interface” service. Appliance Control customers may not be able to manage the device from the cloud.

Note: Using the local web interface, affected device can be managed.

May 30, 16:30 UTC
May 30, 2023

Unresolved incident: Barracuda identified a vulnerability (CVE-2023-2868) in our Email Security Gateway appliance (ESG) on May 19, 2023..

May 29, 2023

Unresolved incident: Emails re-scanned and re-processed on Email Gateway Defense (EGD) due to spam scoring logic correction.

May 28, 2023

No incidents reported.

May 27, 2023

No incidents reported.

May 26, 2023
Resolved - This incident has been resolved.
May 26, 02:33 UTC
Update - We are continuing to investigate this issue.
May 25, 19:38 UTC
Investigating - We are currently investigating an issue causing increased latency in backups, restores, and exports for some customers in the US region.
May 25, 16:08 UTC
May 25, 2023
May 24, 2023
Resolved - This incident has been resolved. Please see the detailed incident report here: https://esstimeline.barracudanetworks.com/publications/incident-report-for-egd-ui-outage-on-may-22-2023. For customers that still have blocked mail to redeliver, please see the "Next Steps for Customers" section.
May 24, 01:32 UTC
Update - We are continuing to investigate this issue.
May 23, 20:22 UTC
Investigating - The team is also looking at the update to the spam scoring rule that caused many customers' emails to be blocked incorrectly. We are working on options for customers that may need to rescan and redeliver their mail. We will update as soon as possible.
May 23, 20:22 UTC
Update - We have issued a fix for the UI timeout errors that users were experiencing yesterday and today. We will continue to actively monitor this situation, and we will be transparent in sharing details on what actions we are taking. Information gathering is ongoing, and as part of the investigation, the team is also looking at the update to the spam scoring rule that caused many customers' emails to be blocked incorrectly. We are working on options for customers that may need to rescan and redeliver their mail. We will update as soon as possible.
May 23, 19:46 UTC
Monitoring - A fix has been implemented and we are monitoring the results.
May 23, 17:12 UTC
Investigating - The Email Gateway Defense (EGD) team is investigating login problems seen by users who are enabled on the new React platform. Users are seeing slow load times followed by an error reading "link to login is invalid." This is a timeout error for the UI only, mail-flow is unaffected.
May 23, 15:10 UTC