CVE-2023-7102
Remote Code Execution (RCE) Vulnerability
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic.
El uso de una librería de terceros produjo una vulnerabilidad en el dispositivo Barracuda ESG de Barracuda Networks Inc. que permitía la inyección de parámetros. Este problema afectó al dispositivo Barracuda ESG, desde la versión 5.1.3.001 hasta la 9.2.1.001, hasta que Barracuda eliminó la lógica vulnerable.
*Credits:
Barracuda Networks Inc. - https://www.barracuda.com/, Barracuda Networks Inc. - https://www.barracuda.com/, Barracuda Networks Inc. - https://www.barracuda.com/
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-12-24 CVE Reserved
- 2023-12-24 CVE Published
- 2024-01-10 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-1104: Use of Unmaintained Third Party Components
CAPEC
- CAPEC-137: Parameter Injection
References (6)
| URL | Tag | Source |
|---|---|---|
| https://github.com/haile01/perl_spreadsheet_excel_rce_poc | Third Party Advisory | |
| https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171 | Product | |
| https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md | Third Party Advisory | |
| https://metacpan.org/dist/Spreadsheet-ParseExcel | Product | |
| https://www.cve.org/CVERecord?id=CVE-2023-7101 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.barracuda.com/company/legal/esg-vulnerability | 2024-01-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Barracuda Search vendor "Barracuda" | Email Security Gateway 300 Firmware Search vendor "Barracuda" for product "Email Security Gateway 300 Firmware" | >= 5.1.3.001 <= 9.2.1.001 Search vendor "Barracuda" for product "Email Security Gateway 300 Firmware" and version " >= 5.1.3.001 <= 9.2.1.001" | - |
Affected
| in | Barracuda Search vendor "Barracuda" | Email Security Gateway 300 Search vendor "Barracuda" for product "Email Security Gateway 300" | - | - |
Safe
|
| Barracuda Search vendor "Barracuda" | Email Security Gateway 400 Firmware Search vendor "Barracuda" for product "Email Security Gateway 400 Firmware" | >= 5.1.3.001 <= 9.2.1.001 Search vendor "Barracuda" for product "Email Security Gateway 400 Firmware" and version " >= 5.1.3.001 <= 9.2.1.001" | - |
Affected
| in | Barracuda Search vendor "Barracuda" | Email Security Gateway 400 Search vendor "Barracuda" for product "Email Security Gateway 400" | - | - |
Safe
|
| Barracuda Search vendor "Barracuda" | Email Security Gateway 600 Firmware Search vendor "Barracuda" for product "Email Security Gateway 600 Firmware" | >= 5.1.3.001 <= 9.2.1.001 Search vendor "Barracuda" for product "Email Security Gateway 600 Firmware" and version " >= 5.1.3.001 <= 9.2.1.001" | - |
Affected
| in | Barracuda Search vendor "Barracuda" | Email Security Gateway 600 Search vendor "Barracuda" for product "Email Security Gateway 600" | - | - |
Safe
|
| Barracuda Search vendor "Barracuda" | Email Security Gateway 800 Firmware Search vendor "Barracuda" for product "Email Security Gateway 800 Firmware" | >= 5.1.3.001 <= 9.2.1.001 Search vendor "Barracuda" for product "Email Security Gateway 800 Firmware" and version " >= 5.1.3.001 <= 9.2.1.001" | - |
Affected
| in | Barracuda Search vendor "Barracuda" | Email Security Gateway 800 Search vendor "Barracuda" for product "Email Security Gateway 800" | - | - |
Safe
|
| Barracuda Search vendor "Barracuda" | Email Security Gateway 900 Firmware Search vendor "Barracuda" for product "Email Security Gateway 900 Firmware" | >= 5.1.3.001 <= 9.2.1.001 Search vendor "Barracuda" for product "Email Security Gateway 900 Firmware" and version " >= 5.1.3.001 <= 9.2.1.001" | - |
Affected
| in | Barracuda Search vendor "Barracuda" | Email Security Gateway 900 Search vendor "Barracuda" for product "Email Security Gateway 900" | - | - |
Safe
|