Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-7102

Published: 24/12/2023 Updated: 09/01/2024
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Email Security Gateway 300 Firmware

Vulnerability Summary

Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.This issue affected Barracuda ESG Appliance, from 5.1.3.001 up to and including 9.2.1.001, until Barracuda removed the vulnerable logic.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

barracuda email_security_gateway_300_firmware

barracuda email_security_gateway_400_firmware

barracuda email_security_gateway_600_firmware

barracuda email_security_gateway_800_firmware

barracuda email_security_gateway_900_firmware

Vendor Advisories

Check Point Security Alerts: Barracuda Email Security Gateway Remote Code Execution (CVE-2023-7102)
Check Point Reference: CPAI-2023-1417 Date Published: 31 Dec 2023 Severity: High ...
Check Point Security Alerts: Barracuda Email Security Gateway Remote Code Execution (CVE-2023-7102)
Check Point Reference: CPAI-2023-1417 Date Published: 1 Jan 2024 Severity: High ...

Github Repositories

https://github.com/vinzel-ops/vuln-barracuda

Vulnerability of Critical Zero-Day in Barracuda Email Security

Critical Zero-Day Flaw in Barracuda Email Security Gateway (CVE-2023-7102) Overview A severe zero-day vulnerability, designated CVE-2023-7102, has been discovered in the Barracuda Email Security Gateway This flaw enables attackers to execute arbitrary code on vulnerable systems Impact Remote code execution Possible data theft and system compromise Disruption of email service

Recent Articles

Google reveals zero-day exploits in enterprise tech surged 64% last year
The Register

Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Crooks know where the big bucks are

Zero-day exploits targeting enterprise-specific software and appliances are now outpacing zero-day bugs overall, according to Google's threat hunting teams. In a report published today, Google's Threat Analysis Group (TAG) and Mandiant said they tracked 97 total zero-day vulnerabilities found and exploited by miscreants in 2023, which is considerably more than the year prior, with 62 vulnerabilities. Enterprise-specific technology zero-days, however, increased by 64 percent in 2023 compared to 2...

Read more...

References

NVD-CWE-Otherhttps://www.barracuda.com/company/legal/esg-vulnerabilityhttps://www.cve.org/CVERecord?id=CVE-2023-7101https://metacpan.org/dist/Spreadsheet-ParseExcelhttps://github.com/haile01/perl_spreadsheet_excel_rce_pochttps://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.mdhttps://nvd.nist.govhttps://github.com/vinzel-ops/vuln-barracudahttps://www.theregister.co.uk/2024/03/27/surge_in_enterprise_zero_days/https://advisories.checkpoint.com/defense/advisories/public/2023/cpai-2023-1417.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693CVE-2024-30851CVE-2024-34460CVE-2024-2887localCVE-2024-27956remote code executionCVE-2024-34475privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook