QwikSec

Security Database

CVE

CWE

Training

CVE-2023-7102

Published: Dec 24, 2023

Modified: Aug 2, 2024

PUBLISHED

Description

Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic.

Vendor	Product	Versions
Barracuda Networks Inc.	Barracuda ESG Appliance	affected `5.1.3.001 - <= 9.2.1.001`

Weaknesses (CWE)

References

https://www.barracuda.com/company/legal/esg-vulnerability

https://www.cve.org/CVERecord?id=CVE-2023-7101

https://metacpan.org/dist/Spreadsheet-ParseExcel

https://github.com/haile01/perl_spreadsheet_excel_rce_poc

https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171

https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.