Barracuda has initiated an investigation and determined that the vulnerability led to unauthorized access to a specific subset of email gateway appliances. Affected users have been notified through the ESG user interface and provided with guidance on necessary actions to mitigate the impact. Furthermore, Barracuda has personally reached out to these customers to provide assistance and support.
It is important to note that the zero-day vulnerability solely affected Barracuda’s Email Security Gateway (ESG) product and did not impact customers’ corporate networks. As a precautionary measure, Barracuda has advised its clients to conduct a thorough review of their environment to ensure that the attackers did not exploit the vulnerability to gain access to other endpoints within their networks.
