Enterprise security company Barracuda is now urging customers who were impacted by a recently disclosed zero-day flaw in its Email Security Gateway (ESG) appliances to immediately replace them.
“Impacted ESG appliances must be immediately replaced regardless of patch version level,” the company said in an update, adding its “remediation recommendation at this time is full replacement of the impacted ESG.”
While the company did not disclose the reasons behind the move, it’s likely an indication that the threat actors behind the campaign managed to tamper with the firmware on a much deeper level that a patch cannot completely address.
The latest development comes as Barracuda disclosed that a critical flaw in the devices (CVE-2023-2868, CVSS score: 9.8) had been exploited as a zero-day for at least seven months since October 2022 to deliver bespoke malware and steal data.
images from Hacker News