What is CVE-2023-7102?

CVE-2023-7102 is a vulnerability in Barracuda Networks Inc. Esg Appliance, classified under CWE-1104. Published 2023-12-24.

Is CVE-2023-7102 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Barracuda Networks Inc. Esg Appliance

CVE-2023-7102

Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda remov…

EPSS: 0.827 (99.3th percentile) — read the EPSS interpretation.

Affected products

Barracuda Networks Inc. Esg Appliance — versions 5.1.3.001

Weakness classification (CWE)

CWE-1104

Public proof-of-concept exploits

rapid7/metasploit-framework
ARPSyndicate/cve-scores
Ostorlab/KEV
vinzel-ops/vuln-barracuda

References

www.barracuda.com/company/legal/esg-vulnerability
www.cve.org/CVERecord
metacpan.org/dist/Spreadsheet-ParseExcel
github.com/haile01/perl_spreadsheet_excel_rce_poc
github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002fee…
github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md

Frequently asked questions

What is CVE-2023-7102?: CVE-2023-7102 is a vulnerability in Barracuda Networks Inc. Esg Appliance, classified under CWE-1104. Published 2023-12-24.
Is CVE-2023-7102 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.