CVE-2023-2868 PoC — Remote Code injection in Barracuda Email Security Gateway

Source

https://github.com/cfielding-r7/poc-cve-2023-2868

Associated Vulnerability

Title:Remote Code injection in Barracuda Email Security Gateway (CVE-2023-2868)
Description:A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape archives). The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl's qx operator with the privileges of the Email Security Gateway product. This issue was fixed as part of BNSF-36456 patch. This patch was automatically applied to all customer appliances.

Readme

# CVE-2023-2868: Barracuda ESG Command Injection 

For full details, read our [AttackerKB Analysis](https://attackerkb.com/topics/2Z0CWopGPX/cve-2023-2868/rapid7-analysis). 

## Usage
Set LHOST and RHOST variables to your listener.

```ruby poc_cve_2023_2868.rb <TARGET_IP>```

This will spawn a reverse shell.

File Snapshot


 [4.0K]  /data/pocs/9e72ce65ebb06b52a0da66d952e52116533cf6ad
├── [2.5K]  poc_cve_2023_2868.rb
└── [ 310]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!