Barracuda Networks recently uncovered two zero-day vulnerabilities, CVE-2023-7102 and CVE-2023-7101. Both are tied to the Spreadsheet::ParseExcel library and stem from an Arbitrary Code Execution (ACE) flaw in that third-party library.
The China-nexus actor UNC4841 exploited these flaws to target Barracuda Email Security Gateway Appliance (ESG) devices through malicious Excel email attachments.
The Barracuda security team, in collaboration with Mandiant, investigated the first Barracuda ESG vulnerability, CVE-2023-7102. This flaw allowed threat actors to execute arbitrary code within the ESG appliance’s third-party library, Spreadsheet::ParseExcel.
This open-source library is used by the Amavis virus scanner within the ESG appliance, which made it the focal point of the attack: specially crafted Excel email attachments were used to compromise a limited number of ESG devices.
Barracuda attributed the malicious activity to UNC4841, a China-associated threat actor. The vulnerability carries a CVSSv2 score of 7.5 and a CVSSv3 score of 8.8, and it affects Barracuda ESG appliances in the version range from 5.1.3.001 to 9.2.1.001.
In response to the threat, Barracuda deployed a security update to all active ESGs on December 21, 2023.
This update addressed the ACE vulnerability in Spreadsheet::ParseExcel and did not require customer intervention.
Moreover, Barracuda reported active attacks targeting CVE-2023-7102, further implicating UNC4841, a group known for exploiting vulnerabilities such as CVE-2023-2868. The swift deployment of security updates highlighted Barracuda’s dedication to staying ahead of state-sponsored threats.
Subsequently, Barracuda identified new variants of SEASPY and SALTWATER malware on compromised ESG devices. On December 22, 2023, Barracuda deployed a patch to remediate ESG devices showing indicators of compromise related to these newly identified malware variants.
The discovery and rapid mitigation of the Barracuda ESG vulnerability (CVE-2023-7102) emphasizes the importance of proactive cybersecurity measures and accountability against online threats and actors exploiting critical vulnerabilities in devices and networks.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.