Following exploits of a now-patched vulnerability in the appliance, the vendor said that ‘full replacement’ of impacted ESG devices is necessary.
Barracuda is urging customers that use Email Security Gateway appliances affected by a recently revealed critical vulnerability to “immediately” replace the devices.
The company disclosed the warning in an update this week to its post about the breach of some ESG customers, who fell victim to attackers who exploited the zero-day vulnerability.
“Impacted ESG appliances must be immediately replaced regardless of patch version level,” Barracuda wrote in the post update. “If you have not replaced your appliance after receiving notice in your UI, contact support now.”
The company added that its “remediation recommendation at this time is full replacement of the impacted ESG.”
When contacted by CRN Thursday, Barracuda said it had no further details on what prompted the new recommendation or how the replacement appliances will be paid for.
Barracuda has said that the vulnerability was discovered on May 19, and the company deployed a patch “to all ESG appliances worldwide” the following day. A second patch was deployed on May 21 to all Email Security Gateway appliances.
The investigation so far has found that the vulnerability “resulted in unauthorized access to a subset of email gateway appliances.” Affected customers have been notified, Campbell, Calif.-based Barracuda said.
Barracuda initially disclosed the breach on May 24. Further investigation uncovered evidence that the vulnerability had been exploited as far back as October 2022, the company said in an updated disclosure on June 1.
Barracuda’s Email Security Gateway is a product used by on-premises customers for filtering of all email traffic, both inbound and outbound. The appliance, which is cloud-connected, is often used to protect Microsoft Exchange environments.
The company’s investigation found that attackers deployed two types of malware, Saltwater and SeaSpy, in order to create a backdoor into impacted ESG appliances. The attackers also used a tool known as SeaSide for remotely issuing commands to the systems, according to Barracuda.
– CRN