CVE-2023-7102

Name: CVE-2023-7102
Creator: NVD / NIST
Published: 2023-12-24T22:15:08.107+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10EPSS 43.32%

Last modified Jun 17, 2026

CVE-2023-7102 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic. . EPSS estimates a 43.32% chance of exploitation in the next 30 days.

Description

Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

43.32%

98.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-1104

Affected Software

Vendor	Product	Versions
Barracuda	Email Security Gateway 300 Firmware	>= 5.1.3.001, <= 9.2.1.001
Barracuda	Email Security Gateway 400 Firmware	>= 5.1.3.001, <= 9.2.1.001
Barracuda	Email Security Gateway 600 Firmware	>= 5.1.3.001, <= 9.2.1.001
Barracuda	Email Security Gateway 800 Firmware	>= 5.1.3.001, <= 9.2.1.001
Barracuda	Email Security Gateway 900 Firmware	>= 5.1.3.001, <= 9.2.1.001

References

https://github.com/haile01/perl_spreadsheet_excel_rce_pocThird Party Advisory
https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171Product
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.mdThird Party Advisory
https://metacpan.org/dist/Spreadsheet-ParseExcelProduct
https://www.barracuda.com/company/legal/esg-vulnerabilityVendor Advisory
https://www.cve.org/CVERecord?id=CVE-2023-7101Third Party Advisory
https://github.com/haile01/perl_spreadsheet_excel_rce_pocThird Party Advisory
https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171Product
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.mdThird Party Advisory
https://metacpan.org/dist/Spreadsheet-ParseExcelProduct
https://www.barracuda.com/company/legal/esg-vulnerabilityVendor Advisory
https://www.cve.org/CVERecord?id=CVE-2023-7101Third Party Advisory

Timeline

Published: Dec 24, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2023-7102?

How severe is CVE-2023-7102?

CVE-2023-7102 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 43.32% probability of exploitation in the next 30 days.

How do I fix CVE-2023-7102?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-7102?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST