CVE-2023-7102

CRITICAL EXPLOITED IN THE WILD

Barracuda ESG Appliance <9.2.1.001 - Parameter Injection

Title source: llm

Exploitation Summary

CVE-2023-7102 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). EIP tracks 1 public exploit from researchers including Mandiant, haile01, Curt Hyvarinen, including a Metasploit module exploits/linux/smtp/barracuda_esg_spreadsheet_rce.

AI-analyzed exploit summary This Metasploit module exploits CVE-2023-7102, a remote code execution vulnerability in Barracuda ESG appliances. It crafts a malicious XLS file with a payload embedded in a FORMAT record, leveraging an unsafe eval() in the Spreadsheet::ParseExcel library to achieve RCE when the ESG scans the attachment.

Description

Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic.

Exploits (1)

metasploit WORKING POC EXCELLENT

by Mandiant, haile01, Curt Hyvarinen · rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/smtp/barracuda_esg_spreadsheet_rce.rb

View Code ZIP pw:eip

This Metasploit module exploits CVE-2023-7102, a remote code execution vulnerability in Barracuda ESG appliances. It crafts a malicious XLS file with a payload embedded in a FORMAT record, leveraging an unsafe eval() in the Spreadsheet::ParseExcel library to achieve RCE when the ESG scans the attachment.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Barracuda Email Security Gateway (ESG) 5.1.3.001 through 9.2.1.001

No auth needed

Prerequisites: Target email address on the ESG · SMTP access to the ESG appliance

MITRE ATT&CK