
Cloud Vulnerability DB
A community-led vulnerabilities database
The Barracuda Email Security Gateway (ESG) vulnerability (CVE-2023-2868) was a zero-day vulnerability that Barracuda identified on May 19, 2023. It affected Barracuda ESG appliances and was actively exploited by a Chinese-nexus threat group tracked by Mandiant as UNC4841. The flaw was present in the module that initially screens inbound email attachments, and the earliest evidence of exploitation dates back to October 2022 (Barracuda ESG).
The vulnerability stemmed from incomplete input validation of user-supplied .tar archives, specifically of the names of the files contained within the archive. Because those names were interpolated into a command string executed through Perl's qx operator, which hands its argument to a shell, a remote attacker could format a file name to contain shell metacharacters and have a system command executed with the privileges of the Email Security Gateway product. Since the vulnerable module screens attachments, delivering the crafted .tar as an email attachment was sufficient to reach it (Barracuda ESG).
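The following is an added example, not Barracuda's code and not the payload used in the attacks, that illustrates the class of bug described above: a member name read out of a .tar archive is spliced into a shell command string (Python's subprocess with shell=True plays the role of Perl's qx), beside a hardened scanner that allowlists the name and invokes the tool as an argv list so no shell ever parses it. The archive, the member names and the use of `echo` as a stand-in for the real attachment scanner are all constructed for illustration.

```python
"""Added example: archive member names must never reach a shell string.

The .tar and its member names below are constructed for illustration; the
`echo scanning` command stands in for whatever tool an attachment scanner
would really run on each member.
"""
import io
import re
import subprocess
import tarfile

# Allowlist for member names: must start with a letter or digit (so no "../",
# no leading "-" that a tool would read as an option), then only characters
# that are safe in a plain filename. No "/", no whitespace, no metacharacters.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,99}$")


def build_archive(member_names):
    """Constructed sample input: an in-memory .tar whose member names we pick."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in member_names:
            data = b"placeholder\n"
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def member_names(tar_bytes):
    """Read member names out of the archive without extracting any content."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        return [m.name for m in tar.getmembers()]


def scan_member_vulnerable(name):
    """The anti-pattern: the attacker-controlled name is interpolated into a
    string that /bin/sh parses, exactly what Perl's qx("... $name") does.
    A name like 'x; echo INJECTED' runs a second command."""
    result = subprocess.run(f"echo scanning {name}", shell=True,
                            capture_output=True, text=True)
    return result.stdout


def is_safe_member_name(name):
    """True only for names that match the allowlist exactly."""
    return _SAFE_NAME.fullmatch(name) is not None


def scan_member_hardened(name):
    """Validate first, then pass the name as a single argv element so it is
    data, never shell syntax. Returns None when the member is rejected."""
    if not is_safe_member_name(name):
        return None
    result = subprocess.run(["echo", "scanning", name],
                            capture_output=True, text=True)
    return result.stdout


def scan_archive(tar_bytes, scanner):
    """Run a scanner over every member name; rejected members map to None."""
    return {name: scanner(name) for name in member_names(tar_bytes)}


if __name__ == "__main__":
    archive = build_archive(["invoice.pdf", "x; echo INJECTED"])
    for label, scanner in (("vulnerable", scan_member_vulnerable),
                           ("hardened", scan_member_hardened)):
        print(label, scan_archive(archive, scanner))
```

Two things carry over directly to the Perl world: the fix is not escaping the name for the shell but keeping it away from the shell altogether (list-form `system` or `open(..., '-|', @argv)` instead of `qx`), and the allowlist has to be applied to the name as parsed from the archive, not to the attachment's own filename.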
The vulnerability allowed unauthorized access to a subset of ESG appliances. Evidence of data exfiltration was identified on impacted appliances, and malware was discovered that allowed for persistent backdoor access. Only Barracuda ESG appliances were affected, with no other Barracuda products, including SaaS email security services, being impacted by this vulnerability (Barracuda ESG).
On May 20, 2023, Barracuda deployed a security patch to remediate the vulnerability on all ESG appliances worldwide. However, because the attackers had already established persistent backdoor access on compromised appliances, Barracuda recommended immediate replacement of any appliance showing indicators of compromise, regardless of patch level: patching closed the initial vector but did not remove an existing foothold. The company provided replacement products at no cost to impacted customers (Barracuda ESG).
Mandiant, who collaborated with Barracuda on the investigation, published detailed analysis of the threat actor's activities and provided hardening recommendations. The security firm assessed with high confidence that UNC4841 conducted targeted information gathering activity in support of the People's Republic of China (Barracuda ESG).
Source: This report was generated using AI