Barracuda fixes new ESG zero-day exploited by Chinese hackers | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

Cybersecurity experts from Barracuda recently discovered and patched a high-severity vulnerability in some of its email security gateway (ESG) devices.

The flaw, tracked as CVE-2023-7102, is an Arbitrary Code Execution (ACE) vulnerability found inside a third-party library called Spreadsheet::ParseExcel. This library is used by the Amavis virus scanner, within the ESG appliance, the experts said. By crafting a custom Excel attachment, the attackers would able to exploit the flaw and run pretty much any code on the vulnerable device, unabated.


Click Here For The Original Story From This Source.

National Cyber Security