CVE-2023-2868

Vulnerability updated 5 months ago (2024-05-04T16:24:29.632Z)

Download STIX

Preview STIX

CVE-2023-2868 is a significant software vulnerability that was identified in the Barracuda Email Security Gateway (ESG) appliances. This flaw, specifically a remote command injection vulnerability, was disclosed by Barracuda on May 30th, 2023. The vulnerability had been exploited as early as October 2022 and was due to the way initial screening of incoming email attachments was handled. Notably, UNC4841, a Chinese threat actor group, exploited this zero-day vulnerability in the email attachment screening module, leading to global security concerns. Intrusion sets with links to China have been observed heavily targeting Remote Code Execution (RCE) vulnerabilities and exploiting zero-day vulnerabilities, as highlighted by Mandiant's publications. Among these, CVE-2023-2868 stands out for its exploitation by UNC4841 to gain unauthorized access to ESG appliances and deploy additional malware. This aggressive and skilled activity has raised suspicions of links to China. In addition to CVE-2023-2868, other notable vulnerabilities such as CVE-2021-44207, CVE-2021-44228, and CVE-2022-41328 were also exploited by different Chinese groups. In response to the ongoing campaign utilizing CVE-2023-2868 against Barracuda appliances, the vendor recommended customers return their appliances for new ones. Further investigations into the exploitation of this vulnerability were carried out by security firms like Vectra AI, TeamT5, and Mandiant. These investigations provided further details on the tactics, techniques, and procedures (TTPs) used by the threat actor UNC4841. This continued exploitation of vulnerabilities underscores the need for robust cybersecurity measures and prompt responses to identified threats.

Description last updated: 2024-04-23T14:16:06.474Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Vulnerability

Barracuda

CISA

Backdoor

Malware

Zero Day

flaw

Exploit

Mandiant

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

Alias Description	Association Type	Votes
The Unc4841 Threat Actor is associated with CVE-2023-2868. UNC4841 is a threat actor group believed to be affiliated with the Chinese government, known for its malicious cyber activities. Recently, this group exploited a zero-day vulnerability in Barracuda's Email Security Gateway (ESG), a flaw that allowed them to breach US government email servers. This i	Unspecified	3

Source Document References

Information about the CVE-2023-2868 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CISA	3 months ago	North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs \| CISA
InfoSecurity-magazine	6 months ago	Vulnerability Exploitation on the Rise as Attackers Ditch Phishing
CERT-EU	9 months ago	Less than 1% vulnerabilities pose highest risk in 2023, finds Qualys
CERT-EU	9 months ago	Going Beyond Hype: How AI is Rewriting the Cybersecurity Playbook \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting
CERT-EU	9 months ago	Infographic: A History of Network Device Threats and What Lies Ahead
CERT-EU	9 months ago	Infographic: A History of Network Device Threats and What Lies Ahead \| #ransomware \| #cybercrime \| National Cyber Security Consulting
CERT-EU	9 months ago	Alert: Chinese Threat Actors Exploit Barracuda Zero-Day Flaw
CERT-EU	10 months ago	Barracuda ESG zero-day exploited
Securityaffairs	10 months ago	Barracuda fixed a new ESG zero-day exploited by Chinese group UNC4841
CERT-EU	10 months ago	Barracuda fixes new ESG zero-day exploited by Chinese hackers
CERT-EU	10 months ago	Barracuda Vulnerabilities: Proactive Response Saves The Day
Pulsedive	10 months ago	Pulsedive Blog \| 2023 in Review
CERT-EU	a year ago	Advanced threat predictions for 2024 – GIXtools
Securelist	a year ago	Kaspersky Security Bulletin: APT predictions 2024
CERT-EU	a year ago	Qualys Survey of Top 10 Exploited Vulnerabilities in 2023 \| Qualys Security Blog
CERT-EU	a year ago	My Tea's not cold : an overview of China's cyber threat – Global Security Mag Online
InfoSecurity-magazine	a year ago	FBI: Barracuda Appliances Still Being Exploited By China
CERT-EU	a year ago	Barracuda email gateways in US, Canadian government departments hit: Report \| IT World Canada News
CERT-EU	a year ago	High-profile CVEs turn up in vulnerability exploit sales
CERT-EU	a year ago	High-profile CVEs turn up in vulnerability exploit sales \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting