Lucene search
MandiantCVELIST:CVE-2023-7102HistoryDec 24, 2023 - 9:47 p.m.
CVE-2023-7102 Remote Code Execution (RCE) Vulnerability
2023-12-2421:47:20
CWE-1104
Mandiant
www.cve.org
3
cve-2023-7102
remote code execution
barracuda networks inc
parameter injection
vulnerability
third party library
barracuda esg appliance
Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Barracuda ESG Appliance",
"vendor": "Barracuda Networks Inc.",
"versions": [
{
"changes": [
{
"at": "Patched in all active versions by security update removing the vulnerable logic.",
"status": "affected"
}
],
"lessThanOrEqual": "9.2.1.001",
"status": "affected",
"version": "5.1.3.001",
"versionType": "custom"
}
]
}
]References
github.com/haile01/perl_spreadsheet_excel_rce_poc
github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171
github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md
metacpan.org/dist/Spreadsheet-ParseExcel
www.barracuda.com/company/legal/esg-vulnerability
www.cve.org/CVERecord?id=CVE-2023-7101
Related
prion
prion
Design/Logic Flaw
2023-12-24 22:15:00
nvd
nvd
CVE-2023-7102
2023-12-24 22:15:08
hivepro
hivepro
Barracuda Fixes ACE Zero-day Vulnerability Exploited by Attackers
2023-12-29 04:05:51
cve
cve
CVE-2023-7102
2023-12-24 22:15:08
attackerkb
attackerkb
CVE-2023-7102
2023-12-24 00:00:00
CVE-2023-2868
2023-07-05 00:00:00
thn
thn
Chinese Hackers Exploited New Zero-Day in Barracuda's ESG Appliances
2023-12-27 12:35:00