Barracuda Networks recently encountered a challenge as it uncovered two zero-day vulnerabilities, specifically CVE-2023-7102 and CVE-2023-7101. These Barracuda vulnerabilities were intricately linked to the Spreadsheet::ParseExcel library, revealing an Arbitrary Code Execution (ACE) flaw in the third-party library.
Exploited by the China Nexus actor UNC4841, these security flaws posed a serious threat by targeting Barracuda Email Security Gateway Appliance (ESG) devices through malicious Excel email attachments.
Decoding Barracuda Vulnerabilities
The Barracuda security team, in collaboration with Mandiant, investigated the first Barracuda ESG vulnerability, CVE-2023-7102. This flaw allowed threat actors to execute arbitrary code within the ESG appliance’s third-party library, Spreadsheet::ParseExcel.
This open-source library, integral to the Amavis virus scanner within the ESG appliance, became the focal point of the attack, facilitating the deployment of specially crafted Excel email attachments to compromise a limited number of ESG devices.
Attributing the malicious activity to UNC4841, a China-associated threat actor, Barracuda underscored the severity of the vulnerability with a CVSSv2 score of 7.5 and a CVSS3 score of 8.8. This security flaw impacted Barracuda ESG appliances within the version range from 5.1.3.001 to 9.2.1.001.
Barracuda’s Swift Response to ESG Vulnerabilities
In response to the threat, Barracuda took proactive measures by deploying a security update on December 21, 2023, to all active ESGs.
This update effectively addressed the ACE vulnerability in Spreadsheet::ParseExcel, showcasing Barracuda’s commitment to fortifying its technology and safeguarding users without requiring customer intervention.
Moreover, Barracuda reported active attacks targeting CVE-2023-7102, further implicating UNC4841, a group known for exploiting vulnerabilities such as CVE-2023-2868. The swift deployment of security updates highlighted Barracuda’s dedication to staying ahead of state-sponsored threats.
Subsequently, Barracuda identified new variants of SEASPY and SALTWATER malware on compromised ESG devices. Responding decisively, on December 22, 2023, Barracuda deployed a patch to remediate compromised ESG devices exhibiting signs of compromise related to these newly identified malware variants.
The discovery and rapid mitigation of the Barracuda ESG vulnerability (CVE-2023-7102) emphasizes the importance of proactive cybersecurity measures and accountability against online threats and actors exploiting critical vulnerabilities in devices and networks.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.