Skip to main content
Threat Radar animated logo
DashboardThreatsMapFeedsAPILifetime Access
reconnecting
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation (CVE-2023-2868)

0
Medium
VulnerabilityCVE-2023-2868type:osintosint:lifetime="perpetual"osint:certainty="50"tlp:whitetlp:clear
Published: Tue Aug 29 2023 (08/29/2023, 00:00:00 UTC)
Source: CIRCL
Vendor/Project: type
Product: osint

Description

CVE-2023-2868 is a medium-severity zero-day vulnerability affecting Barracuda Email Security Gateway (ESG) products, exploited by the UNC4841 threat group. Although no public exploits or patches currently exist, the vulnerability enables network activity and payload delivery that could compromise confidentiality and integrity. UNC4841 is known for persistent operations, indicating ongoing targeting of affected systems. European organizations, particularly in critical infrastructure sectors with significant Barracuda ESG deployments, should increase vigilance. Enhanced network monitoring, anomaly detection, and strict access controls are recommended mitigations. Germany, France, and the UK are the most likely affected countries due to market penetration and strategic importance. The threat requires careful attention despite the absence of known exploits, as the potential impact and persistence of the threat actor pose moderate risk. Authentication requirements and user interaction details remain unclear, influencing the medium severity rating. Immediate patching is not possible, so proactive detection and containment are critical.

AI-Powered Analysis

AILast updated: 10/28/2025, 19:19:49 UTC

Technical Analysis

CVE-2023-2868 is a zero-day vulnerability identified in Barracuda Email Security Gateway (ESG) products, exploited by the UNC4841 threat group, a known advanced persistent threat actor. The vulnerability allows for unauthorized network activity and payload delivery, potentially compromising the confidentiality and integrity of affected systems. While no public exploits or patches are currently available, the exploitation by UNC4841 indicates active targeting and exploitation attempts in the wild. The lack of detailed technical specifics on the vulnerability vector or affected versions limits immediate remediation options. UNC4841’s operations typically involve stealthy, persistent access to targeted networks, often focusing on critical infrastructure and high-value sectors. The vulnerability’s exploitation could enable attackers to deliver malicious payloads, conduct reconnaissance, or establish footholds within victim networks. The medium severity rating reflects the moderate impact potential, absence of public exploits, and unclear requirements for authentication or user interaction. European organizations using Barracuda ESG products, especially in sectors with high market penetration, face increased risk. The threat underscores the need for enhanced network monitoring, anomaly detection, and strict access controls to detect and mitigate potential exploitation attempts until official patches are released.

Potential Impact

The exploitation of CVE-2023-2868 could lead to unauthorized network activity and payload delivery within affected Barracuda ESG deployments, risking the confidentiality and integrity of organizational data. For European organizations, particularly those in critical infrastructure, finance, and government sectors, this could result in data breaches, disruption of email security services, and potential lateral movement by attackers within internal networks. The persistent nature of UNC4841 operations increases the likelihood of prolonged undetected access, which could facilitate espionage, data exfiltration, or preparation for further attacks. The absence of patches and public exploits reduces immediate widespread impact but necessitates heightened vigilance. Organizations relying heavily on Barracuda ESG products may experience targeted attacks aiming to exploit this vulnerability, potentially affecting operational continuity and trust in email security. The impact is compounded in countries with significant Barracuda ESG market share and strategic geopolitical importance, where attackers may prioritize high-value targets.

Mitigation Recommendations

1. Implement enhanced network traffic monitoring focused on Barracuda ESG devices to detect unusual or unauthorized activity indicative of exploitation attempts. 2. Deploy advanced anomaly detection systems capable of identifying deviations from normal email gateway behavior, including unusual payload deliveries or command and control communications. 3. Enforce strict access controls and network segmentation around Barracuda ESG appliances to limit exposure and lateral movement opportunities. 4. Maintain up-to-date threat intelligence feeds to monitor UNC4841 activity and emerging exploitation techniques. 5. Conduct regular security audits and penetration testing of email security infrastructure to identify potential weaknesses. 6. Prepare incident response plans specifically addressing potential exploitation of CVE-2023-2868, including containment and eradication procedures. 7. Engage with Barracuda support and monitor vendor communications for forthcoming patches or mitigations. 8. Educate security teams on UNC4841 tactics, techniques, and procedures (TTPs) to improve detection and response capabilities. 9. Consider deploying additional email security layers or alternative solutions temporarily if risk exposure is high. 10. Restrict administrative access to ESG devices using multi-factor authentication and limit privileges to essential personnel only.

Affected Countries

GermanyGermany
FranceFrance
United KingdomUnited Kingdom
Need more detailed analysis?Get Pro

Technical Details

Threat Level
2
Analysis
2
Uuid
fb6f4727-4993-4cc0-a177-56e37a0eddde
Original Timestamp
1693320156

Indicators of Compromise

Vulnerability

ValueDescriptionCopy
vulnerabilityCVE-2023-2868
vulnerabilityCVE-2023-2868

Domain

ValueDescriptionCopy
domainxxl17z.dnslog.cn
domainmx01.bestfindthetruth.com
domaintroublendsef.com
domaintogetheroffway.com
domainsingnode.com
domainsingamofing.com
domaingoldenunder.com
domaingesturefavour.com
domainfessionalwork.com
domainbestfindthetruth.com

Ip

ValueDescriptionCopy
ip64.176.7.59
ip64.176.4.234
ip51.91.79.17
ip45.154.253.154
ip45.154.253.153
ip45.148.16.46
ip45.148.16.42
ip38.60.254.165
ip38.54.113.205
ip38.54.1.82
ip37.9.35.217
ip23.224.78.134
ip23.224.78.133
ip23.224.78.132
ip23.224.78.131
ip23.224.78.130
ip23.224.42.29
ip216.238.112.82
ip213.156.153.34
ip199.247.23.80
ip198.2.254.223
ip198.2.254.222
ip198.2.254.221
ip198.2.254.220
ip198.2.254.219
ip195.234.82.132
ip192.74.254.229
ip192.74.226.142
ip185.243.41.209
ip182.239.114.254
ip155.94.160.95
ip139.84.227.9
ip137.175.78.66
ip137.175.60.253
ip137.175.60.252
ip137.175.53.218
ip137.175.53.170
ip137.175.53.17
ip137.175.51.147
ip137.175.30.86
ip137.175.30.36
ip137.175.28.251
ip137.175.19.25
ip113.52.106.3
ip107.148.223.196
ip107.148.219.55
ip107.148.219.53
ip107.148.219.227
ip104.223.20.222
ip103.93.78.142
ip103.77.192.13
ip103.27.108.62
ip101.229.146.218
ip45.63.76.67
Scanning host
ip155.94.160.72
Scanning host
ip107.173.62.158
Scanning host
ip107.148.219.54
Scanning host
ip104.156.229.226
Scanning host
ip103.77.192.88
Scanning host
ip103.146.179.101
Scanning host
ip182.239.114.135
Scanning host
ip107.148.149.156
Scanning host

Hash

ValueDescriptionCopy
hashf289b565839794fe4f450ed0c9343b8fb699f97544d9af2a60851abc8b4656e0
hashcaab341a35badbc65046bd02efa9ad2fe2671eb80ece0f2fa9cf70f5d7f4bedc
hashca72fa64ed0a9c22d341a557c6e7c1b6a7264b0c4de0b6f717dd44bddf550bca
hash9f04525835f998d454ed68cfc7fcb6b0907f2130ae6c6ab7495d41aa36ad8ccf
hash9bb7addd96f99a29658aca9800b66046823c5ef0755e29012983db6f06a999cf
hash949d4b01f31256e5e9c2b04e557dcca0a25fc2f6aa3618936befc7525e1df788
hash8c5c8e7b3f8ab6651b906356535bf45992d6984d8ed8bd600a1a056a00e5afcb
hash8849a3273e0362c45b4928375d196714224ec22cb1d2df5d029bf57349860347
hash83ca636253fd1eb898b244855838e2281f257bbe8ead428b69528fc50b60ae9c
hash601f44cc102ae5a113c0b5fe5d18350db8a24d780c0ff289880cc45de28e2b80
hash56e8066bf83ff6fe0cec92aede90f6722260e0a3f169fc163ed88589bffd7451
hash4028eadf4c27b4007930606551e3a32b2af23d746d5b866cc1c6587e7fd0d776
hash3ff3250e07ad74fa419e4a8d6564357b22683d152cd8e9f106c8da3751ea9ff3
hash3f26a13f023ad0dcd7f2aa4e7771bba74910ee227b4b36ff72edc5f07336f115
hash2a5de691243f2b91f164c3021c157fbd783b4f3e7d5f5950182e52ec868cd40b
hash1c6cad0ed66cf8fd438974e1eac0bc6dd9119f84892930cb71cb56a5e985f0a4
hashfda9dfa7b41a05c6ae32f71f2b31a5d56d7eca9b
hashdc5841d8ed9ab8a5f3496f2258eafb1e0cedf4d3
hashcf22082532d4d6387ea1c9bc4dc5b255aa7a0290
hashc71d363472d927cf13674e95b79d4d38b3fed754
hashc637a9ce65083b21c834e7a68bd1bc51b412fa11
hash87df97d6214aecb5c395d84c3a35f359a90ad716
hash77b1864c489affe0ac2284135050373951b7987e
hash6505513ca06db10b17f6d4792c30a53733309231
hash5ce46efc6b28bd94955138833dc97916957dbde1
hash290e5cb4d32f97963bdc95ef2cc4b44a4de5666d
hash254b6bcbc5f60e30c596c263b8a4f393badbf1aa
hash1cca66cb1f4527eaffbcfeb2237922c93b332d64
hash191e16b564c66b3db67f837e1dc5eac98ff9b9ef
hash1903a3553bcb291579206b39e7818c77e2c07054
hash10b621c5e07648bd7a7391e569aa62a510be82f4
hash0ea36676bd7169bcbf432f721c4edb5fde0a46a9
hashff005f1ff98ec1cd678785baa0386bd1
hashfe1e2d676c91f899b706682b70176983
hashfe031a93c84aa3d01e2223a6bb988fa0
hashf6857841a255b3b4e4eded7a66438696
hashf667939000c941e5b9dc91303c98b7fc
hashf5ab04a920302931a8bd063f27b745cc
hashef00c92fa005c2f61ec23d5278a8fa25
hashed648c366b6e564fc636c072bbcac907
hashec0d46b2aa7adfdff10a671a77aeb2ae
hashe80a85250263d58cc1a1dc39d6cf3942
hashe68cd991777118d76e7bce163d8a2bc1
hashe52871d82de01b7e7f134c776703f696
hashe4e86c273a2b67a605f5d4686783e0cc
hashdde2d3347b76070fff14f6c0412f95ba
hashdb4c48921537d67635bb210a9cb5bb52
hashda06e7c32f070a9bb96b720ef332b50b
hashd8e748b1b609d376f57343b2bde94b29
hashd81263e6872cc805e6cf4ca05d86df4e
hashd1392095086c07bd8d2ef174cb5f6ca8
hashd098fe9674b6b4cb540699c5eb452cb5
hashce67bb99bc1e26f6cb1f968bc1b1ec21
hashcd2813f0260d63ad5adf0446253c2576
hashcd2813f0260d63ad5adf0446253c2172
hashcb0f7f216e8965f40a724bc15db7510b
hashc9ae8bfd08f57d955465f23a5f1c09a4
hashc979e8651c1f40d685be2f66e8c2c610
hashc7a89a215e74104682880def469d4758
hashc5c93ba36e079892c1123fe9dffd660f
hashc56d7b86e59c5c737ee7537d7cf13df1
hashc528b6398c86f8bdcfa3f9de7837ebfe
hashc2e577c71d591999ad5c581e49343093
hashbef722484288e24258dd33922b1a7148
hashba7af4f98d85e5847c08cf6cefdf35dc
hashb860198feca7398bc79a8ec69afc65ed
hashb745626b36b841ed03eddfb08e6bb061
hashb601fce4181b275954e3f35b18996c92
hashb354111afc9c6c26c1475e761d347144
hashad1dc51a66201689d442499f70b78dea
hashac4fb6d0bfc871be6f68bfa647fc0125
hasha45ca19435c2976a29300128dc410fd4
hasha28de396aa91b7faca35e861b634c502
hasha08a99e5224e1baf569fda816c991045
hash9bc6d6af590e7d94869dee1d33cc1cae
hash9aa90d767ba0a3f057653aadcb75e579
hash94b6f76da938ef855a91011f16252d59
hash9033dc5bac76542b9b752064a56c6ee4
hash8fdf3b7dc6d88594b8b5173c1aa2bc82
hash8fc03800c1179a18fbd58d746596fa7d
hash8f1c40bd3ab33d517839ca17591d8666
hash881b7846f8384c12c7481b23011d8e45
hash878cf1de91f3ae543fd290c31adcbda4
hash87847445f9524671022d70f2a812728f
hash85c5b6c408e4bdb87da6764a75008adf
hash858174c8f4a45e9564382d4480831c6b
hash8406f74ac2c57807735a9b86f61da9f9
hash831d41ba2a0036540536c2f884d089f9
hash830fca78440780aef448c862eee2a8ac
hash82eaf69de710abdc5dea7cd5cb56cf04
hash827d507aa3bde0ef903ca5dec60cdec8
hash806250c466824a027e3e85461dc672db
hash7ebd5f3e800dcd0510cfcbe2351d3838
hash7d7fd05b262342a9e8237ce14ec41c3b
hash76811232ede58de2faf6aca8395f8427
hash724079649f690ca1ee80b8b3125b58b9
hash6f79ef58b354fd33824c96625590c244
hash69ef9a9e8d0506d957248e983d22b0d5
hash694cdb49879f1321abb4605adf634935
hash683acdb559bbc7fb64431d1f579a8104
hash67a4556b021578e0a421fdc251f07e04
hash666da297066a2596cacb13b3da9572bf
hash64c690f175a2d2fe38d3d7c0d0ddbb6e
hash61514ac639721a51e98c47f2ac3afe81
hash5fdee67c82f5480edfa54afc5a9dc834
hash5d6cba7909980a7b424b133fbac634ac
hash5392fb400bd671d4b185fb35a9b23fd3
hash4ec4ceda84c580054f191caa09916c68
hash4cd0f3219e98ac2e9021b06af70ed643
hash4ca4f582418b2cc0626700511a6315c0
hash4c1c2db989e0e881232c7748593d291e
hash4b511567cfa8dbaa32e11baf3268f074
hash479315620c9a5a62a745ab586ba7b78c
hash45b79949276c9cb9cf5dc72597dc1006
hash4495cb72708f486b734de6b6c6402aba
hash446f3d71591afa37bbd604e2e400ae8b
hash436587bad5e061a7e594f9971d89c468
hash42722b7d04f58dcb8bd80fe41c7ea09e
hash407738e565b4e9dafb07b782ebcf46b0
hash3e3f72f99062255d6320d5e686f0e212
hash3c20617f089fe5cc9ba12c43c6c072f5
hash3b93b524db66f8bb3df8279a141734bb
hash35cf6faf442d325961935f660e2ab5a0
hash35a432e40da597c7ab63ff16b09d19d8
hash349ca242bc6d2652d84146f5f91c3dbb
hash336c12441b7a678280562729c974a840
hash32ffe48d1a8ced49c53033eb65eff6f3
hash3273a29d15334efddd8276af53c317fb
hash2e30520f8536a27dd59eabbcb8e3532a
hash2d841cb153bebcfdee5c54472b017af2
hash2ccb9759800154de817bf779a52d48f8
hash23f4f604f1a05c4abf2ac02f976b746b

Text

ValueDescriptionCopy
textA remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape archives). The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl's qx operator with the privileges of the Email Security Gateway product. This issue was fixed as part of BNSF-36456 patch. This patch was automatically applied to all customer appliances.
textCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
textPublished
textImproper Neutralization of Special Elements used in a Command ('Command Injection')
textDraft
textClass
text76
textManipulating Web Input to File System Calls
textAn attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.
textProgram must allow for user controlled variables to be applied directly to the filesystem
textDesign: Enforce principle of least privilege. Design: Ensure all input is validated, and does not contain file system commands Design: Run server interfaces with a non-root account and/or utilize chroot jails or other configuration techniques to constrain privileges even if attacker gains some limited access to commands. Design: For interactive user applications, consider if direct file system interface is necessary, instead consider having the application proxy communication. Implementation: Perform testing such as pen-testing and vulnerability scanning to identify directories, programs, and interfaces that grant direct access to executables.
text248
textCommand Injection
textAn adversary looking to execute a command of their choosing, injects new items into an existing command thus modifying interpretation away from what was intended. Commands in this context are often standalone strings that are interpreted by a downstream component and cause specific responses. This type of attack is possible when untrusted values are used to build these command strings. Weaknesses in input validation or command construction can enable the attack and lead to successful exploitation.
textThe target application must accept input from the user and then use this input in the construction of commands to be executed. In virtually all cases, this is some form of string input that is concatenated to a constant string defined by the application to form the full command to be executed.
textAll user-controllable input should be validated and filtered for potentially unwanted characters. Using an allowlist for input is desired, but if use of a denylist approach is necessary, then focusing on command related terms and delimiters is necessary. Input should be encoded prior to use in commands to make sure command related characters are not treated as part of the command. For example, quotation characters may need to be encoded so that the application does not treat the quotation as a delimiter. Input should be parameterized, or restricted to data sections of a command, thus removing the chance that the input will be treated as part of the command itself.
text40
textManipulating Writeable Terminal Devices
textThis attack exploits terminal devices that allow themselves to be written to by other users. The attacker sends command strings to the target terminal device hoping that the target user will hit enter and thereby execute the malicious command with their privileges. The attacker can send the results (such as copying /etc/passwd) to a known directory and collect once the attack has succeeded.
textUser terminals must have a permissive access control such as world writeable that allows normal users to control data on other user's terminals.
textDesign: Ensure that terminals are only writeable by named owner user and/or administrator Design: Enforce principle of least privilege
text43
textExploiting Multiple Input Interpretation Layers
textAn attacker supplies the target software with input data that contains sequences of special characters designed to bypass input validation logic. This exploit relies on the target making multiples passes over the input data and processing a "layer" of special characters with each pass. In this manner, the attacker can disguise input that would otherwise be rejected as invalid by concealing it with layers of special/escape characters that are stripped off by subsequent processing steps. The goal is to first discover cases where the input validation layer executes before one or more parsing layers. That is, user input may go through the following logic in an application: <parser1> --> <input validator> --> <parser2>. In such cases, the attacker will need to provide input that will pass through the input validator, but after passing through parser2, will be converted into something that the input validator was supposed to stop.
textUser input is used to construct a command to be executed on the target system or as part of the file name. Multiple parser passes are performed on the data supplied by the user.
textAn iterative approach to input validation may be required to ensure that no dangerous characters are present. It may be necessary to implement redundant checking across different input validation layers. Ensure that invalid data is rejected as soon as possible and do not continue to work with it. Make sure to perform input validation on canonicalized data (i.e. data that is data in its most standard form). This will help avoid tricky encodings getting past the filters. Assume all input is malicious. Create an allowlist that defines all valid input to the software system based on the requirements specifications. Input that does not match against the allowlist would not be permitted to enter into the system.
text136
textLDAP Injection
textAn attacker manipulates or crafts an LDAP query for the purpose of undermining the security of the target. Some applications use user input to create LDAP queries that are processed by an LDAP server. For example, a user might provide their username during authentication and the username might be inserted in an LDAP query during the authentication process. An attacker could use this input to inject additional commands into an LDAP query that could disclose sensitive information. For example, entering a * in the aforementioned query might return information about all users on the system. This attack is very similar to an SQL injection attack in that it manipulates a query to gather additional information or coerce a particular return value.
textThe target application must accept a string as user input, fail to sanitize characters that have a special meaning in LDAP queries in the user input, and insert the user-supplied string in an LDAP query which is then processed.
textStrong input validation - All user-controllable input must be validated and filtered for illegal characters as well as LDAP content. Use of custom error pages - Attackers can glean information about the nature of queries from descriptive error messages. Input validation must be coupled with customized error pages that inform about an error without disclosing information about the LDAP or application.
text15
textCommand Delimiters
textAn attack of this type exploits a programs' vulnerabilities that allows an attacker's commands to be concatenated onto a legitimate command with the intent of targeting other resources such as the file system or database. The system that uses a filter or denylist input validation, as opposed to allowlist validation is vulnerable to an attacker who predicts delimiters (or combinations of delimiters) not present in the filter or denylist. As with other injection attacks, the attacker uses the command delimiter payload as an entry point to tunnel through the application and activate additional attacks through SQL queries, shell commands, network scanning, and so on.
textSoftware's input validation or filtering must not detect and block presence of additional malicious command.
textDesign: Perform allowlist validation against a positive specification for command length, type, and parameters. Design: Limit program privileges, so if commands circumvent program input validation or filter routines then commands do not running under a privileged account Implementation: Perform input validation for all remote content. Implementation: Use type conversions such as JDBC prepared statements.
text183
textIMAP/SMTP Command Injection
textAn attacker exploits weaknesses in input validation on IMAP/SMTP servers to execute commands on the server. Web-mail servers often sit between the Internet and the IMAP or SMTP mail server. User requests are received by the web-mail servers which then query the back-end mail server for the requested information and return this response to the user. In an IMAP/SMTP command injection attack, mail-server commands are embedded in parts of the request sent to the web-mail server. If the web-mail server fails to adequately sanitize these requests, these commands are then sent to the back-end mail server when it is queried by the web-mail server, where the commands are then executed. This attack can be especially dangerous since administrators may assume that the back-end server is protected against direct Internet access and therefore may not secure it adequately against the execution of malicious commands.
textThe target environment must consist of a web-mail server that the attacker can query and a back-end mail server. The back-end mail server need not be directly accessible to the attacker. The web-mail server must fail to adequately sanitize fields received from users and passed on to the back-end mail server. The back-end mail server must not be adequately secured against receiving malicious commands from the web-mail server.
text75
textManipulating Writeable Configuration Files
textGenerally these are manually edited files that are not in the preview of the system administrators, any ability on the attackers' behalf to modify these files, for example in a CVS repository, gives unauthorized access directly to the application, the same as authorized users.
textConfiguration files must be modifiable by the attacker
textDesign: Enforce principle of least privilege Design: Backup copies of all configuration files Implementation: Integrity monitoring for configuration files Implementation: Enforce audit logging on code and configuration promotion procedures. Implementation: Load configuration from separate process and memory space, for example a separate physical device like a CD
textBlog

Datetime

ValueDescriptionCopy
datetime2023-06-01T20:14:00+00:00
datetime2023-05-24T19:15:00+00:00

Float

ValueDescriptionCopy
float9.8

Cpe

ValueDescriptionCopy
cpecpe:2.3:o:barracuda:email_security_gateway_300_firmware:*:*:*:*:*:*:*:*
cpecpe:2.3:h:barracuda:email_security_gateway_300:-:*:*:*:*:*:*:*
cpecpe:2.3:o:barracuda:email_security_gateway_400_firmware:*:*:*:*:*:*:*:*
cpecpe:2.3:h:barracuda:email_security_gateway_400:-:*:*:*:*:*:*:*
cpecpe:2.3:o:barracuda:email_security_gateway_600_firmware:*:*:*:*:*:*:*:*
cpecpe:2.3:h:barracuda:email_security_gateway_600:-:*:*:*:*:*:*:*
cpecpe:2.3:o:barracuda:email_security_gateway_800_firmware:*:*:*:*:*:*:*:*
cpecpe:2.3:h:barracuda:email_security_gateway_800:-:*:*:*:*:*:*:*
cpecpe:2.3:o:barracuda:email_security_gateway_900_firmware:*:*:*:*:*:*:*:*
cpecpe:2.3:h:barracuda:email_security_gateway_900:-:*:*:*:*:*:*:*

Link

ValueDescriptionCopy
linkhttps://status.barracuda.com/incidents/34kx82j5n4q9
linkhttps://www.barracuda.com/company/legal/esg-vulnerability
linkhttps://www.mandiant.com/resources/blog/unc4841-post-barracuda-zero-day-remediation

Weakness

ValueDescriptionCopy
weaknessCWE-77
weaknessCWE-15
weaknessCWE-22
weaknessCWE-23
weaknessCWE-264
weaknessCWE-272
weaknessCWE-285
weaknessCWE-346
weaknessCWE-348
weaknessCWE-59
weaknessCWE-715
weaknessCWE-73
weaknessCWE-74
weaknessCWE-77
weaknessCWE-77
weaknessCWE-77
weaknessCWE-171
weaknessCWE-179
weaknessCWE-181
weaknessCWE-183
weaknessCWE-184
weaknessCWE-20
weaknessCWE-697
weaknessCWE-707
weaknessCWE-74
weaknessCWE-77
weaknessCWE-78
weaknessCWE-20
weaknessCWE-77
weaknessCWE-90
weaknessCWE-138
weaknessCWE-140
weaknessCWE-146
weaknessCWE-154
weaknessCWE-157
weaknessCWE-184
weaknessCWE-185
weaknessCWE-697
weaknessCWE-713
weaknessCWE-77
weaknessCWE-78
weaknessCWE-93
weaknessCWE-77
weaknessCWE-346
weaknessCWE-349
weaknessCWE-353
weaknessCWE-354
weaknessCWE-713
weaknessCWE-77
weaknessCWE-99

Threat ID: 682acdbebbaf20d303f0dc1c

Added to database: 5/19/2025, 6:20:46 AM

Last enriched: 10/28/2025, 7:19:49 PM

Last updated: 11/30/2025, 4:51:53 AM

Views: 90

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Related Threats

CVE-2025-66432: CWE-420 Unprotected Alternate Channel in Oxide Omicron

Medium
VulnerabilitySun Nov 30 2025

CVE-2025-13782: SQL Injection in taosir WTCMS

Medium
VulnerabilitySun Nov 30 2025

CVE-2025-66424: CWE-863 Incorrect Authorization in Tryton trytond

Medium
VulnerabilitySun Nov 30 2025

CVE-2025-66422: CWE-402 Transmission of Private Resources into a New Sphere ('Resource Leak') in Tryton trytond

Medium
VulnerabilitySun Nov 30 2025

CVE-2025-66421: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Tryton sao

Medium
VulnerabilitySun Nov 30 2025

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats