Barracuda Vulnerabilities: A Proactive Response that Saves the Day!

December 27, 2023
1 min read

Barracuda Networks has recently discovered two zero-day vulnerabilities, CVE-2023-7102 and CVE-2023-7101, which were linked to the Spreadsheet::ParseExcel library. These vulnerabilities allowed threat actors to execute arbitrary code within the Barracuda Email Security Gateway Appliance (ESG) devices through malicious Excel email attachments. The first vulnerability, CVE-2023-7102, was investigated by the Barracuda security team in collaboration with Mandiant. It allowed threat actors to execute arbitrary code within the ESG appliance’s third-party library. Barracuda responded to the vulnerabilities by deploying a security update to all active ESGs, effectively addressing the vulnerabilities and protecting its users. The swift response demonstrated Barracuda’s commitment to fortifying its technology and staying ahead of state-sponsored threats. In addition to these vulnerabilities, Barracuda also identified new variants of SEASPY and SALTWATER malware on compromised ESG devices and deployed a patch to remediate compromised devices. The discovery and mitigation of these vulnerabilities highlight the importance of proactive cybersecurity measures in protecting devices and networks from exploitation.

Latest from Blog