CVE-2023-7102

critical

Description

Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic.

References

https://storage.googleapis.com/gweb-uniblog-publish-prod/documents/Year_in_Review_of_ZeroDays.pdf

https://www.cve.org/CVERecord?id=CVE-2023-7101

https://www.barracuda.com/company/legal/esg-vulnerability

https://metacpan.org/dist/Spreadsheet-ParseExcel

https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md

https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171

https://github.com/haile01/perl_spreadsheet_excel_rce_poc

Details

Source: Mitre, NVD

Published: 2023-12-24

Updated: 2024-01-09

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical