Barracuda Zero-Day Used to Target Government, Tech Organizations in US, APJ
Posted: Thu Dec 28, 2023 11:52 am
The recently disclosed vulnerability affecting Barracuda Email Security Gateway (ESG) appliances has been exploited as a zero-day to target government, high-tech and IT organizations, according to Mandiant.
The ESG vulnerability, tracked as CVE-2023-7102, is an arbitrary code execution flaw impacting ‘Spreadsheet::ParseExcel’, an open source library used by ESG devices to check Excel email attachments for malware.
Attackers can plant malicious code inside a specially crafted Excel file and send it as an attachment to the targeted organization. The malicious code is executed without any user interaction when the ESG appliance scans the email, enabling the attackers to gain access to systems and steal valuable data.
[...]
Barracuda Zero-Day Used to Target Government, Tech Organizations in US, APJ
The ESG vulnerability, tracked as CVE-2023-7102, is an arbitrary code execution flaw impacting ‘Spreadsheet::ParseExcel’, an open source library used by ESG devices to check Excel email attachments for malware.
Attackers can plant malicious code inside a specially crafted Excel file and send it as an attachment to the targeted organization. The malicious code is executed without any user interaction when the ESG appliance scans the email, enabling the attackers to gain access to systems and steal valuable data.
[...]
Barracuda Zero-Day Used to Target Government, Tech Organizations in US, APJ