CVE-2023-7102 — CRITICAL (9.8)

Q: How severe is CVE-2023-7102?

CVE-2023-7102 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2023-7102?

Check the references section above for vendor advisories and patch information. Affected products include: Barracuda Email Security Gateway 300 Firmware, Barracuda Email Security Gateway 300, Barracuda Email Security Gateway 400 Firmware, Barracuda Email Security Gateway 400, Barracuda Email Security Gateway 600 Firmware.

Vulnerability Description

Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Barracuda	Email Security Gateway 300 Firmware	>= 5.1.3.001, <= 9.2.1.001
Barracuda	Email Security Gateway 300	-
Barracuda	Email Security Gateway 400 Firmware	>= 5.1.3.001, <= 9.2.1.001
Barracuda	Email Security Gateway 400	-
Barracuda	Email Security Gateway 600 Firmware	>= 5.1.3.001, <= 9.2.1.001
Barracuda	Email Security Gateway 600	-
Barracuda	Email Security Gateway 800 Firmware	>= 5.1.3.001, <= 9.2.1.001
Barracuda	Email Security Gateway 800	-
Barracuda	Email Security Gateway 900 Firmware	>= 5.1.3.001, <= 9.2.1.001
Barracuda	Email Security Gateway 900	-

Related Weaknesses (CWE)

CWE-1104

References

https://github.com/haile01/perl_spreadsheet_excel_rce_pocThird Party Advisory
https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cProduct
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023Third Party Advisory
https://metacpan.org/dist/Spreadsheet-ParseExcelProduct
https://www.barracuda.com/company/legal/esg-vulnerabilityVendor Advisory
https://www.cve.org/CVERecord?id=CVE-2023-7101Third Party Advisory
https://github.com/haile01/perl_spreadsheet_excel_rce_pocThird Party Advisory
https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cProduct
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023Third Party Advisory
https://metacpan.org/dist/Spreadsheet-ParseExcelProduct
https://www.barracuda.com/company/legal/esg-vulnerabilityVendor Advisory
https://www.cve.org/CVERecord?id=CVE-2023-7101Third Party Advisory

FAQ

What is CVE-2023-7102?

CVE-2023-7102 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.This issue affected Barracuda ESG Appliance, from 5.1.3.001 t...

How severe is CVE-2023-7102?

CVE-2023-7102 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2023-7102?

Check the references section above for vendor advisories and patch information. Affected products include: Barracuda Email Security Gateway 300 Firmware, Barracuda Email Security Gateway 300, Barracuda Email Security Gateway 400 Firmware, Barracuda Email Security Gateway 400, Barracuda Email Security Gateway 600 Firmware.