Cybersecurity experts from Barracuda recently discovered and patched a high-severity vulnerability in some of its email security gateway (ESG) devices.

The flaw, tracked as CVE-2023-7102, is an Arbitrary Code Execution (ACE) vulnerability found inside a third-party library called Spreadsheet::ParseExcel. This library is used by the Amavis virus scanner, within the ESG appliance, the experts said. By crafting a custom Excel attachment, the attackers would able to exploit the flaw and run pretty much any code on the vulnerable device, unabated.

Source link