Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic.
[
{
"defaultStatus": "unaffected",
"product": "Barracuda ESG Appliance",
"vendor": "Barracuda Networks Inc.",
"versions": [
{
"changes": [
{
"at": "Patched in all active versions by security update removing the vulnerable logic.",
"status": "affected"
}
],
"lessThanOrEqual": "9.2.1.001",
"status": "affected",
"version": "5.1.3.001",
"versionType": "custom"
}
]
}
]
github.com/haile01/perl_spreadsheet_excel_rce_poc
github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171
github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md
metacpan.org/dist/Spreadsheet-ParseExcel
www.barracuda.com/company/legal/esg-vulnerability
www.cve.org/CVERecord?id=CVE-2023-7101