Barracude ESG vulnerability
2023-06-08 20:57:33.566162+02 by Dan Lyke 0 comments
Whoah! What happens when you can't guarantee that your boot is coming from completely clean media: Barracuda Networks Email Security Gateway Appliance Vulnerability:
ACTION NOTICE: Impacted ESG appliances must be immediately replaced regardless of patch version level. If you have not replaced your appliance after receiving notice in your UI, contact support now [elided]
Barracuda’s remediation recommendation at this time is full replacement of the impacted ESG.
I mean, we know that when you can field upgrade the BIOS you can get devices into this kind of a state, but that's a very strong argument for the BIOS to be little more than a boot sector loader. Instead we seem to be going to more and more BIOS capabilities...