CVE-2023-7102

high-risk

Published 2023-12-24

Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic.

Do I need to act?

8.9% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (5)

Email Security Gateway 300 Firmware

Email Security Gateway 400 Firmware

Email Security Gateway 600 Firmware

Email Security Gateway 800 Firmware

Email Security Gateway 900 Firmware

Affected Vendors

Barracuda

References (12)

Third Party Advisory https://github.com/haile01/perl_spreadsheet_excel_rce_poc

Product https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150c...

Third Party Advisory https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023...

Product https://metacpan.org/dist/Spreadsheet-ParseExcel

Vendor Advisory https://www.barracuda.com/company/legal/esg-vulnerability

Third Party Advisory https://www.cve.org/CVERecord?id=CVE-2023-7101

Third Party Advisory https://github.com/haile01/perl_spreadsheet_excel_rce_poc

Product https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150c...

Third Party Advisory https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023...

Product https://metacpan.org/dist/Spreadsheet-ParseExcel

Vendor Advisory https://www.barracuda.com/company/legal/esg-vulnerability

Third Party Advisory https://www.cve.org/CVERecord?id=CVE-2023-7101

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 10/34 · Low

Exposure 12/34 · Low