Find Vulnerable Barracuda Email Security Gateway Appliances in Your Network
Barracuda is investigating a critical vulnerability in their Email Security Gateway appliances. The remote command injection vulnerability was discovered on the 19th of May but has been actively exploited since October. Patches have been released that address the vulnerability. However, any devices that have already been impacted by the exploits should be replaced immediately. You can read the full story on our Barracuda ESG Vulnerability Blog Post.
The insight page below will help you find all Barracuda ESG appliances in your network. Make sure to apply the patches as soon as possible to protect your network and keep an eye out for impacted devices.
Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tsysAssetTypes.AssetTypeIcon10 As icon,
tblAssets.IPAddress,
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tblAssets.description,
Case
When tblErrors.ErrorText Is Not Null Or
tblErrors.ErrorText != '' Then
'Scanning Error: ' + tsysasseterrortypes.ErrorMsg
Else ''
End As ScanningErrors,
tblAssets.Lastseen,
tblAssets.Lasttried
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
Inner Join tblState On tblState.State = tblAssetCustom.State
Left Join (Select Distinct Top 1000000 tblErrors.AssetID As ID,
Max(tblErrors.Teller) As ErrorID
From tblErrors
Group By tblErrors.AssetID) As ScanningError On tblAssets.AssetID =
ScanningError.ID
Left Join tblErrors On ScanningError.ErrorID = tblErrors.Teller
Left Join tsysasseterrortypes On tsysasseterrortypes.Errortype =
tblErrors.ErrorType
Where tblAssetCustom.Manufacturer Like '%Barracuda%' And
(tblAssetCustom.Model Like '%Email Security Gateway%' Or
tblAssetCustom.Model Like '%ESG%')
And tblState.Statename = 'Active'
Order By tblAssetCustom.Model, tblAssets.IPAddress;
