CVE-2023-7102

CVSS V2 None CVSS V3 None

Description

Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic.

Overview

CVE ID
CVE-2023-7102

Assigner
Mandiant

Vulnerability Status
PUBLISHED

Published Version
2023-12-24T21:47:20.453Z

Last Modified Date
2023-12-26T19:23:33.832Z

Weakness Enumerations

CWE	URL
CWE-1104	http://cwe.mitre.org/data/definitions/1104.html

References

Reference URL	Reference Tags
https://www.barracuda.com/company/legal/esg-vulnerability
https://www.cve.org/CVERecord?id=CVE-2023-7101
https://metacpan.org/dist/Spreadsheet-ParseExcel
https://github.com/haile01/perl_spreadsheet_excel_rce_poc
https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-7102
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7102

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 02:48:18				Added to TrackCVE