CVE-2023-7102
CRITICAL
9,8
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Description
AI Translation Available
Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0891
Percentile
0,9th
Updated
EPSS Score Trend (Last 90 Days)
1104
Use of Unmaintained Third Party Components
IncompleteCommon Consequences
Security Scopes Affected:
Other
Potential Impacts:
Reduce Maintainability
Varies By Context
Applicable Platforms
Technologies:
Not Technology-Specific, ICS/OT
Operating System
Email Security Gateway 400 Firmware by Barracuda
Version Range Affected
From
5.1.3.001
(inclusive)
To
9.2.1.001
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:barracuda:email_security_gateway_400_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Email Security Gateway 900 Firmware by Barracuda
Version Range Affected
From
5.1.3.001
(inclusive)
To
9.2.1.001
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:barracuda:email_security_gateway_900_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Email Security Gateway 600 Firmware by Barracuda
Version Range Affected
From
5.1.3.001
(inclusive)
To
9.2.1.001
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:barracuda:email_security_gateway_600_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Email Security Gateway 800 Firmware by Barracuda
Version Range Affected
From
5.1.3.001
(inclusive)
To
9.2.1.001
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:barracuda:email_security_gateway_800_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Email Security Gateway 300 Firmware by Barracuda
Version Range Affected
From
5.1.3.001
(inclusive)
To
9.2.1.001
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:barracuda:email_security_gateway_300_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/haile01/perl_spreadsheet_excel_rce_poc
https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150…
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-202…
https://metacpan.org/dist/Spreadsheet-ParseExcel
https://www.barracuda.com/company/legal/esg-vulnerability
https://www.cve.org/CVERecord?id=CVE-2023-7101
https://github.com/haile01/perl_spreadsheet_excel_rce_poc
https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150…
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-202…
https://metacpan.org/dist/Spreadsheet-ParseExcel
https://www.barracuda.com/company/legal/esg-vulnerability
https://www.cve.org/CVERecord?id=CVE-2023-7101