Description
Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic.
Affected products
- Barracuda Networks Inc. / Barracuda ESG Appliance5.1.3.001 – 9.2.1.001
References
- MISChttps://www.barracuda.com/company/legal/esg-vulnerability
- CONFIRMhttps://www.cve.org/CVERecord?id=CVE-2023-7101
- MISChttps://metacpan.org/dist/Spreadsheet-ParseExcel
- MISChttps://github.com/haile01/perl_spreadsheet_excel_rce_poc
- MISChttps://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171
- MISChttps://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md