Attacker Value
Very High
(2 users assessed)
Exploitability
High
(2 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network

CVE-2023-7102

Disclosure Date: December 24, 2023
Exploited in the Wild

Description

Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection. This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic.


2
Ratings
Technical Analysis

Rapid7 has confirmed indicators of compromise from this zero-day attack in multiple customer environments. Barracuda has host and network-based IOCs here: https://www.barracuda.com/company/legal/esg-vulnerability

2
Ratings
Technical Analysis

During an investigation by Barracuda, it has been found that an attacker exploited a vulnerability known as Arbitrary Code Execution (ACE) in a third-party library called Spreadsheet::ParseExcel. This vulnerability was used to send a malicious Excel file via email to a select group of ESG devices.

The Spreadsheet::ParseExcel library is an open-source tool used in the Amavis virus scanner, which is part of the ESG appliance.

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings within the Excel parsing logic.

In cooperation with Mandiant, Barracuda believes this incident is linked to the ongoing efforts of a group associated with China, known as UNC4841.
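The analysis above attributes the flaw to file-supplied text reaching a string-type `eval`. The Perl sketch below is an added illustration of that bug class next to a hardened form that validates the text and dispatches to fixed code; it is not code from Spreadsheet::ParseExcel or from this page. The sub names and the sample condition strings are hypothetical and constructed for the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed illustration of the bug class, not Spreadsheet::ParseExcel code.
# A "condition" is text taken from untrusted file data, for example ">100".

# Unsafe pattern, kept for contrast and never called here:
# file-controlled text becomes Perl source through string eval.
sub matches_unsafe {
    my ($number, $cond) = @_;
    return eval "$number $cond";
}

# Hardened pattern: fixed comparison code, selected by an allowlisted operator.
my %OPS = (
    '<'  => sub { $_[0] <  $_[1] },
    '<=' => sub { $_[0] <= $_[1] },
    '>'  => sub { $_[0] >  $_[1] },
    '>=' => sub { $_[0] >= $_[1] },
    '='  => sub { $_[0] == $_[1] },
    '<>' => sub { $_[0] != $_[1] },
);

# Returns 1 or 0 for a well-formed comparison, undef when input is rejected.
sub matches_safe {
    my ($number, $cond) = @_;
    my $num_re = qr/-?\d+(?:\.\d+)?/;
    return undef unless defined $number && $number =~ /\A$num_re\z/;
    return undef unless defined $cond
        && $cond =~ /\A\s*(<=|>=|<>|<|>|=)\s*($num_re)\s*\z/;
    my ($op, $rhs) = ($1, $2);    # copy captures before calling anything else
    return $OPS{$op}->($number, $rhs) ? 1 : 0;
}

# Constructed sample conditions; the last two are not plain comparisons.
for my $cond ('>100', '<= 3.5', '<>0', '>100; print "side effect"', '> 1e999x') {
    my $r = matches_safe(250, $cond);
    printf "%-28s => %s\n", $cond, defined $r ? $r : 'rejected';
}
```

Anything that is not exactly one allowlisted operator followed by one decimal number is rejected before any comparison runs, so no part of the file-supplied text is ever compiled as Perl.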

CVSS V3 Severity and Metrics
Base Score:
9.8 Critical
Impact Score:
5.9
Exploitability Score:
3.9
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Vendors

  • barracuda

Products

  • email security gateway 300 firmware
  • email security gateway 400 firmware
  • email security gateway 600 firmware
  • email security gateway 800 firmware
  • email security gateway 900 firmware
