Attacker Value
Very High
(2 users assessed)
Exploitability
High
(2 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
4

CVE-2023-7102

Disclosure Date: December 24, 2023
CVE-2023-7102 CVSS v3 Base Score: 9.8
Exploited in the Wild
Reported by cbeek-r7 and 2 more...
View Source Details
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic.

Add Assessment

2
Ratings
  • Attacker Value
    Very High
Common in enterpriseGives privileged accessObserved in nation state sponsored attacks
Technical Analysis

Rapid7 has confirmed indicators of compromise from this zero-day attack in multiple customer environments. Barracuda has host and network-based IOCs here: https://www.barracuda.com/company/legal/esg-vulnerability

Log in to Add Reply
2
Ratings
  • Attacker Value
    Very High
  • Exploitability
    High
Common in enterpriseGives privileged accessObserved in nation state sponsored attacksUnauthenticatedVulnerable in default configuration
Technical Analysis

During an investigation by Barracuda, it has been found that an attacker exploited a vulnerability known as Arbitrary Code Execution (ACE) in a third-party library called Spreadsheet::ParseExcel. This vulnerability was used to send a malicious Excel file via email to a select group of ESG devices.

The Spreadsheet::ParseExcel library is an open-source tool used in the Amavis virus scanner, which is part of the ESG appliance.

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings within the Excel parsing logic.

In cooperation with Mandiant, Barracuda believes this incident is linked to the ongoing efforts of a group associated with China, known as UNC4841.

Log in to Add Reply
CVSS V3 Severity and Metrics
Base Score:
9.8 Critical
Impact Score:
5.9
Exploitability Score:
3.9
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
Barracuda ESG Appliance not down converted
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • barracuda

Products

  • email security gateway 300 firmware,
  • email security gateway 400 firmware,
  • email security gateway 600 firmware,
  • email security gateway 800 firmware,
  • email security gateway 900 firmware

Exploited in the Wild

Reported by:
Technical Analysis