Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors Products
Barracuda
  • Email Security Gateway 800 Firmware
  • Email Security Gateway 900 Firmware
  • Email Security Gateway 600 Firmware
  • Email Security Gateway 300
  • Email Security Gateway 300 Firmware
  • Email Security Gateway 400 Firmware
  • Email Security Gateway 400
  • Email Security Gateway 900
  • Email Security Gateway 800
  • Email Security Gateway 600

Configuration 1 [-]

AND
cpe:2.3:o:barracuda:email_security_gateway_300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:barracuda:email_security_gateway_300:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:barracuda:email_security_gateway_400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:barracuda:email_security_gateway_400:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:barracuda:email_security_gateway_600_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:barracuda:email_security_gateway_600:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:barracuda:email_security_gateway_800_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:barracuda:email_security_gateway_800:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:barracuda:email_security_gateway_900_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:barracuda:email_security_gateway_900:-:*:*:*:*:*:*:*
References
Link Resource
https://github.com/haile01/perl_spreadsheet_excel_rce_poc Third Party Advisory
https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171 Product
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md Third Party Advisory
https://metacpan.org/dist/Spreadsheet-ParseExcel Product
https://www.barracuda.com/company/legal/esg-vulnerability Vendor Advisory
https://www.cve.org/CVERecord?id=CVE-2023-7101 Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: Mandiant

Published: 2023-12-24T21:47:20.453Z

Updated: 2023-12-26T19:23:33.832Z

Reserved: 2023-12-24T17:32:25.423Z

Link: CVE-2023-7102

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2023-12-24T22:15:08.107

Modified: 2024-01-09T20:07:12.283

Link: CVE-2023-7102

JSON object: View

cve-icon Redhat Information

No data.

CWE