Vulnerabilities > CVE-2023-7102 - Unspecified vulnerability in Barracuda products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 5 | |
| Hardware | 5 |
Related news
References
- https://www.barracuda.com/company/legal/esg-vulnerability
- https://www.cve.org/CVERecord?id=CVE-2023-7101
- https://metacpan.org/dist/Spreadsheet-ParseExcel
- https://github.com/haile01/perl_spreadsheet_excel_rce_poc
- https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171
- https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md