CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score: 6.2 Medium (Confidence: Low)
EPSS: 0.053 Low (Percentile: 93.1%)
Use of a third-party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection. This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic.
Recent assessments:
ccondon-r7 at January 08, 2024 5:34pm UTC reported:
Rapid7 has confirmed indicators of compromise from this zero-day attack in multiple customer environments. Barracuda has host and network-based IOCs here: <https://www.barracuda.com/company/legal/esg-vulnerability>
cbeek-r7 at December 26, 2023 10:10am UTC reported:
Rapid7 has confirmed indicators of compromise from this zero-day attack in multiple customer environments. Barracuda has host and network-based IOCs here: <https://www.barracuda.com/company/legal/esg-vulnerability>
Assessed Attacker Value: 5
Assessed Attacker Value: 5
Assessed Attacker Value: 4
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7102
github.com/haile01/perl_spreadsheet_excel_rce_poc
github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171
github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md
metacpan.org/dist/Spreadsheet-ParseExcel
www.barracuda.com/company/legal/esg-vulnerability
www.cve.org/CVERecord?id=CVE-2023-7101