0day in Barracuda ESG: fighting remote code execution and spying

Brother

Chinese hackers have drawn attention by exploiting a vulnerability in one of Barracuda's most widely deployed products.

Barracuda, a network and email security vendor, said that on December 21 it remotely patched a zero-day vulnerability on all active Email Security Gateway (ESG) appliances. The flaw had been exploited by UNC4841, a threat group linked to China.

The company also rolled out a second wave of security updates to ESG appliances that were already compromised, on which the attackers had installed the SeaSpy and Saltwater malware.

Discovered on Christmas Eve and tracked as CVE-2023-7102, the zero-day is caused by a bug in a third-party Perl library, Spreadsheet::ParseExcel, used by the Amavis virus scanner that runs on Barracuda ESG appliances. By injecting parameters through a crafted spreadsheet, an attacker can execute arbitrary code on unpatched ESG appliances.

Barracuda also registered CVE-2023-7101 to track the underlying bug in the open-source library itself, which is still awaiting a fix.
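The article does not spell out what "injecting parameters" means. The public advisory for CVE-2023-7101 describes the bug as unvalidated content from the spreadsheet file reaching a string-type eval in the parser. The following Perl snippet is an added illustration of that bug class and is not code from Spreadsheet::ParseExcel or Barracuda: the function names, the format allowlist and the sample inputs are all constructed for this example. It contrasts a formatter that builds Perl source from a file-supplied format string with one that only ever dispatches on an allowlist.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Unsafe pattern (illustrative, not the library's code): the format string
# read from the file is interpolated into Perl source text and handed to
# string-eval. Whoever controls the file controls what gets executed.
sub apply_format_unsafe {
    my ($value, $fmt) = @_;
    my $code = "sprintf('$fmt', $value)";   # $fmt is untrusted file content
    return eval $code;
}

# Safe pattern: never turn file content into source text. Map the handful of
# formats we support to fixed renderers and fall back to plain text otherwise.
my %RENDER = (
    '0'    => sub { sprintf('%d',   $_[0]) },
    '0.00' => sub { sprintf('%.2f', $_[0]) },
    '@'    => sub { "$_[0]" },
);

sub apply_format_safe {
    my ($value, $fmt) = @_;
    my $render = $RENDER{$fmt} or return "$value";   # unknown format: no code path, just text
    return $render->($value);
}

# Constructed inputs: a benign format string and a hostile one that closes the
# sprintf() call and appends arbitrary Perl (here a backtick command).
my $benign  = '%.2f';
my $hostile = q{%.2f', 1) . `id` . ('};

print apply_format_unsafe(3.14159, $benign), "\n";   # 3.14
print apply_format_safe(3.14159, '0.00'), "\n";      # 3.14
print apply_format_safe(3.14159, $hostile), "\n";    # 3.14159: hostile string is not in the allowlist

# apply_format_unsafe(3.14159, $hostile) would evaluate
#   sprintf('%.2f', 1) . `id` . ('', 3.14159)
# and run `id` on this host, which is the class of failure behind CVE-2023-7101.
```

The point for reviewers of their own code is the shape of the fix: if any file-derived value can reach `eval STRING`, `s///e`, or a dynamically built function name, treat it as remote code execution regardless of how constrained the format "should" be, and replace it with a lookup or a real parser.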

Barracuda said that no action is currently required from its customers, and that its investigation into the exploitation of the bug is ongoing.

The exploitation of the vulnerability was attributed to the UNC4841 group in cooperation with the security firm Mandiant.

Organizations that use Spreadsheet::ParseExcel in their products or services are advised to review CVE-2023-7101 and take corrective measures immediately.