CVE-2023-7102

Name of the Vulnerable Software and Affected Versions Barracuda ESG Appliance versions 5.1.3.001 through 9.2.1.001

Description The issue is related to a case of arbitrary code execution that resides within a third-party and open-source library named Spreadsheet::ParseExcel, used by the Amavis scanner within the gateway to screen Microsoft Excel email attachments for malware. This vulnerability allowed parameter injection. Chinese hackers exploited this zero-day vulnerability to deliver malware to Barracuda Email Security Gateway (ESG) appliances and deploy backdoors on a limited number of devices. The estimated number of potentially affected devices worldwide is around 7,877, mainly distributed in the United States, China, and other countries. Google Cloud reported the detection of this vulnerability's exploitation, specifically targeting high-tech, information technology providers, and government entities, primarily in the U.S. and Asia-Pacific regions.

Recommendations For Barracuda ESG Appliance versions 5.1.3.001 through 9.2.1.001, update to the latest version that includes the patch for this vulnerability. As a temporary workaround, consider disabling the Amavis scanner or restricting the use of the Spreadsheet::ParseExcel library until a patch is available. Barracuda has deployed a security update to all active ESG appliances, which was applied automatically, and then deployed a second patch to remediate compromised ESG appliances.