Ron Bowes<p>We just published our detailed analysis of CVE-2023-2868 (<a href="https://infosec.exchange/tags/cve20232868" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cve20232868</span></a> / <a href="https://infosec.exchange/tags/cve_2023_2868" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cve_2023_2868</span></a>), a shell command injection vulnerability in the <a href="https://infosec.exchange/tags/Barracuda" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Barracuda</span></a> Secure Email Gateway appliance, including a proof of concept. Big props to <span class="h-card" translate="no"><a href="https://infosec.exchange/@cfield" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>cfield</span></a></span> for putting all this together!</p><p><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerability</span></a> <a href="https://infosec.exchange/tags/exploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>exploit</span></a> <a href="https://infosec.exchange/tags/PoC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PoC</span></a> <a href="https://infosec.exchange/tags/rapid7" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rapid7</span></a></p><p><a href="https://attackerkb.com/topics/2Z0CWopGPX/cve-2023-2868/rapid7-analysis" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">attackerkb.com/topics/2Z0CWopG</span><span class="invisible">PX/cve-2023-2868/rapid7-analysis</span></a></p>