Barracuda Networks’ Email Security Gateway (ESG) appliances are again affected by a zero-day vulnerability that attackers have used to install backdoors. Despite an update, the underlying flaw has not yet been fully resolved.
This time the zero-day lies in Spreadsheet::ParseExcel, an open-source Perl library for parsing Excel files. The Amavis virus scanner on the ESG uses the library to scan Excel attachments sent via e-mail.
The vulnerability (CVE-2023-7102) allows a rogue Excel attachment to execute arbitrary code on a Barracuda ESG. The underlying flaw in the library itself is tracked separately as CVE-2023-7101.
Chinese hackers
Barracuda’s investigation shows that the vulnerability has already been exploited in the wild. The attackers, likely the China-linked group UNC4841, reportedly installed two backdoors on a number of ESG appliances.
The backdoors are new variants of the SEASPY and SALTWATER malware.
Updates released
Barracuda first rolled out an automatic security update shortly before Christmas to address the vulnerability. A second update followed to remediate the affected ESG appliances.
Despite this update, some gateways still appear to be vulnerable, and the underlying vulnerability in Spreadsheet::ParseExcel (CVE-2023-7101) remained unpatched upstream at the time of writing. Companies that use this library in their own products are therefore urged to take the necessary measures. Barracuda emphasizes that only a small number of gateways are affected.
Previous ESG hacks
This was not the only ESG vulnerability Barracuda Networks faced this year. Earlier in the year, a vulnerability came to light that had been exploited undetected for months; that campaign also deployed the SEASPY and SALTWATER malware.
According to security experts, the vulnerability, which also had a possible link to China, was used for espionage, particularly in Belgium, Germany and Poland. Because compromised appliances could not be reliably cleaned, Barracuda ultimately advised affected ESG customers to replace their gateways outright.
Update: Barracuda reached out to us with a statement, in which it stressed in particular that only a small number of appliances have been affected. The attacks resulting from the zero-day reportedly targeted a small number of high-tech and IT suppliers and government institutions, primarily in the US, Asia-Pacific and Japan.