CVE-2023-7102

Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic.

Weakness

The product relies on third-party components that are not actively supported or maintained by the original developer or a trusted proxy for the original developer.

Affected Software

Extended Description

Reliance on components that are no longer maintained can make it difficult or impossible to fix significant bugs, vulnerabilities, or quality issues. In effect, unmaintained code can become obsolete. This issue makes it more difficult to maintain the product, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities.

References

• https://github.com/haile01/perl_spreadsheet_excel_rce_poc
• https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171
• https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md
• https://metacpan.org/dist/Spreadsheet-ParseExcel
• https://www.barracuda.com/company/legal/esg-vulnerability
• https://www.cve.org/CVERecord?id=CVE-2023-7101
• https://github.com/haile01/perl_spreadsheet_excel_rce_poc
• https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171
• https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md
• https://metacpan.org/dist/Spreadsheet-ParseExcel
• https://www.barracuda.com/company/legal/esg-vulnerability
• https://www.cve.org/CVERecord?id=CVE-2023-7101