CVE-2023-7102
Remote Code Execution (RCE) Vulnerability
Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic.
Affected products
Barracuda Networks Inc. · Barracuda ESG ApplianceWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://github.com/haile01/perl_spreadsheet_excel_rce_pochttps://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.mdhttps://metacpan.org/dist/Spreadsheet-ParseExcelhttps://www.barracuda.com/company/legal/esg-vulnerabilityhttps://www.cve.org/CVERecord?id=CVE-2023-7101