1.2 C
New York
Monday, February 26, 2024

Barracuda fixes new ESG zero-day exploited by Chinese hackers

Barracuda fixes new ESG zero-day exploited by Chinese hackers

Cybersecurity experts from Barracuda recently discovered and patched a high-severity vulnerability in some of its email security gateway (ESG) devices.

The flaw, tracked as CVE-2023-7102, is an Arbitrary Code Execution (ACE) vulnerability found inside a third-party library called Spreadsheet::ParseExcel. This library is used by the Amavis virus scanner, within the ESG appliance, the experts said. By crafting a custom Excel attachment, the attackers would able to exploit the flaw and run pretty much any code on the vulnerable device, unabated.

Source link

Latest stories