Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic.
References
Link | Resource |
---|---|
https://github.com/haile01/perl_spreadsheet_excel_rce_poc | Third Party Advisory |
https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171 | Product |
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md | Third Party Advisory |
https://metacpan.org/dist/Spreadsheet-ParseExcel | Product |
https://www.barracuda.com/company/legal/esg-vulnerability | Vendor Advisory |
https://www.cve.org/CVERecord?id=CVE-2023-7101 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Mandiant
Published: 2023-12-24T21:47:20.453Z
Updated: 2023-12-26T19:23:33.832Z
Reserved: 2023-12-24T17:32:25.423Z
Link: CVE-2023-7102
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-12-24T22:15:08.107
Modified: 2024-01-09T20:07:12.283
Link: CVE-2023-7102
JSON object: View
Redhat Information
No data.