TROYANOSYVIRUS
Retour aux CVEs

CVE-2023-7102

CRITICAL
9.8

Description

Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic.

Details CVE

Score CVSS v3.19.8
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie12/24/2023
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0

Produits affectes

barracuda:email_security_gateway_300barracuda:email_security_gateway_300_firmwarebarracuda:email_security_gateway_400barracuda:email_security_gateway_400_firmwarebarracuda:email_security_gateway_600barracuda:email_security_gateway_600_firmwarebarracuda:email_security_gateway_800barracuda:email_security_gateway_800_firmwarebarracuda:email_security_gateway_900barracuda:email_security_gateway_900_firmware

Faiblesses (CWE)

CWE-1104

References

https://github.com/haile01/perl_spreadsheet_excel_rce_poc(mandiant-cve@google.com)
https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171(mandiant-cve@google.com)
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md(mandiant-cve@google.com)
https://metacpan.org/dist/Spreadsheet-ParseExcel(mandiant-cve@google.com)
https://www.barracuda.com/company/legal/esg-vulnerability(mandiant-cve@google.com)
https://www.cve.org/CVERecord?id=CVE-2023-7101(mandiant-cve@google.com)
https://github.com/haile01/perl_spreadsheet_excel_rce_poc(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md(af854a3a-2127-422b-91ae-364da2661108)
https://metacpan.org/dist/Spreadsheet-ParseExcel(af854a3a-2127-422b-91ae-364da2661108)
https://www.barracuda.com/company/legal/esg-vulnerability(af854a3a-2127-422b-91ae-364da2661108)
https://www.cve.org/CVERecord?id=CVE-2023-7101(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.