CVE-2023-7102

Published Dec 24, 2023

Last updated 10 months ago

CVSS critical 9.8

Overview

Description: Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic.
Source: mandiant-cve@google.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

nvd@nist.gov: NVD-CWE-Other
mandiant-cve@google.com: CWE-1104

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:barracuda:email_security_gateway_300_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E60161F1-A5A9-41C1-A123-7163D353F927",
            "versionEndIncluding": "9.2.1.001",
            "versionStartIncluding": "5.1.3.001"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:barracuda:email_security_gateway_300:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "824DAE15-3628-4346-947E-C33FA46AADE6"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:barracuda:email_security_gateway_400_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "178F9F7E-C6B7-427A-9E0A-BB98E26443D4",
            "versionEndIncluding": "9.2.1.001",
            "versionStartIncluding": "5.1.3.001"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:barracuda:email_security_gateway_400:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "ACD3DD62-D690-47F9-8416-61AD78B33699"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:barracuda:email_security_gateway_600_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A5D5514D-91F5-46D6-B936-353BA14BD862",
            "versionEndIncluding": "9.2.1.001",
            "versionStartIncluding": "5.1.3.001"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:barracuda:email_security_gateway_600:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6C507D86-2E68-44A4-A31C-EEF9A6BBEE54"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:barracuda:email_security_gateway_800_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1048A03-2201-46DF-9AC9-AFB9FB26F61B",
            "versionEndIncluding": "9.2.1.001",
            "versionStartIncluding": "5.1.3.001"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:barracuda:email_security_gateway_800:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "74D999D5-6CE5-49F7-A0C5-0B44704FEE45"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:barracuda:email_security_gateway_900_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5E070CD5-CFA8-4FD8-9291-74A0412CC3F2",
            "versionEndIncluding": "9.2.1.001",
            "versionStartIncluding": "5.1.3.001"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:barracuda:email_security_gateway_900:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FFA6EA4B-B0FF-437B-A48E-F11D0CD5EB2B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References