Unrated severityNVD Advisory· Published Dec 24, 2023· Updated Aug 2, 2024

Remote Code Execution (RCE) Vulnerability

CVE-2023-7102

Description

Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic.

Affected products

Barracuda Networks Inc./Barracuda ESG Appliancev5
Range: 5.1.3.001

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pmmitre
github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.mdmitre
metacpan.org/dist/Spreadsheet-ParseExcelmitre
www.barracuda.com/company/legal/esg-vulnerabilitymitre
www.cve.org/CVERecordmitre

News mentions

Metasploit Wrap Up 05/22/2026
Rapid7 Blog · May 22, 2026

cvss	0.000
epss	0.066
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000