CVE-2023-7102

CVE Published	2023-12-24
Related CWE(s)	CWE-1104: Use of Unmaintained Third Party Components
Related Vendor(s)	barracuda
Related Product(s)	email_security_gateway_900_firmware, email_security_gateway_300_firmware, email_security_gateway_600_firmware, email_security_gateway_400_firmware, email_security_gateway_800_firmware
CVSS 3 Base Score	9.8 (CRITICAL)
CVSS 3 Attack Complexity	LOW
CVSS 3 Attack Vector	NETWORK

Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic.

Cyber Threat Graph Context

Explore how this CVE relates to the wider threat graph

Threat Reports Related to CVE-2023-7102

Report

We're All in this Together - A Year in Review of Zero-Days Exploited In-the-Wild in 2023

This report from Mandiant and Google Threat Analysis Group (TAG) presents combined analysis of zero day vulnerability exploitation in 2023. The ...

View Source

References

CVE.org

View more information about CVE-2023-7102 on the official MITRE CVE website.

NIST National Vulnerability Database

CVE-2023-7102 on the NIST NVD.