"Barracuda Gateways Hit by Another Vulnerability"

A zero-day vulnerability impacting Barracuda Networks' Email Security Gateway (ESG) enables hackers to install backdoors. The vulnerability exists in Spreadsheet::ParseExcel, an open-source library for processing Excel files. The library is used by the Amavis virus scanner on the ESG to scan Excel attachments sent via email. The vulnerability, tracked as CVE-2023-7102, allows malicious Excel attachments to run arbitrary code on a Barracuda ESG. According to Barracuda, there have already been several exploits of this vulnerability. Hackers reportedly installed two backdoors on several ESG appliances. This article continues to discuss the zero-day vulnerability affecting Barracuda Networks' ESG and previous ESG hacks.

Techzine reports "Barracuda Gateways Hit by Another Vulnerability"

Submitted by grigby1