CVE-2023-7102

Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic.

Weakness

The product relies on third-party components that are not actively supported or maintained by the original developer or a trusted proxy for the original developer.

Affected Software

Name	Vendor	Start Version	End Version
Email_security_gateway_300_firmware	Barracuda	5.1.3.001 (including)	9.2.1.001 (including)

References

https://github.com/haile01/perl_spreadsheet_excel_rce_poc
https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md
https://metacpan.org/dist/Spreadsheet-ParseExcel
https://www.barracuda.com/company/legal/esg-vulnerability
https://www.cve.org/CVERecord?id=CVE-2023-7101
https://github.com/haile01/perl_spreadsheet_excel_rce_poc
https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md
https://metacpan.org/dist/Spreadsheet-ParseExcel
https://www.barracuda.com/company/legal/esg-vulnerability
https://www.cve.org/CVERecord?id=CVE-2023-7101

NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-7102
CWE	https://cwe.mitre.org/data/definitions/1104.html

Use of Unmaintained Third Party Components

Weakness

Affected Software

References