Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic.
The vulnerability originates from a Perl library called Spreadsheet-ParseExcel, used by Barracuda ESG software to process Excel files. Improper handling of input data in this library enables parameter injection through a specially crafted Excel file. An attacker can deliver a malicious file (e.g., as an email attachment), which is automatically processed by the gateway, triggering the exploit without any user interaction.
An unauthenticated remote attacker can gain full control over the device — confidentiality, integrity, and availability of the system are compromised at a critical level.
Barracuda removed the vulnerable logic from the device. Ensure that ESG devices have received an update that eliminates this component — details are available in the Barracuda Networks security notice at: https://www.barracuda.com/company/legal/esg-vulnerability. Patches provided by the vendor should be applied according to the references.
Barracuda ESG Appliance in versions from 5.1.3.001 to 9.2.1.001 (models 300, 400, 600 and others covered by this firmware line), until the vulnerable logic is removed by Barracuda Networks.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HBarracuda Email Security Gateway 300
HWBarracudawszystkie wersjeBarracuda Email Security Gateway 300 Firmware
OSBarracuda5.1.3.001 – 9.2.1.001Barracuda Email Security Gateway 400
HWBarracudawszystkie wersjeBarracuda Email Security Gateway 400 Firmware
OSBarracuda5.1.3.001 – 9.2.1.001Barracuda Email Security Gateway 600
HWBarracudawszystkie wersjeBarracuda Email Security Gateway 600 Firmware
OSBarracuda5.1.3.001 – 9.2.1.001Barracuda Email Security Gateway 800
HWBarracudawszystkie wersjeBarracuda Email Security Gateway 800 Firmware
OSBarracuda5.1.3.001 – 9.2.1.001Barracuda Email Security Gateway 900
HWBarracudawszystkie wersjeBarracuda Email Security Gateway 900 Firmware
OSBarracuda5.1.3.001 – 9.2.1.001
Related vulnerabilities
A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor...
Barracuda RMM — RCE przez deserializację .NET Remoting w Service Center
Barracuda RMM – RCE przez insecure reflection w Service Center
Barracuda RMM: path traversal i RCE przez niezweryfikowany URL w WSDL
Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leverag...