Dec. 27, 2023, 2:36 p.m. | /u/ATTACKERSA

cybersecurity www.reddit.com

Barracuda disclosed that Chinese threat actors exploited a zero-day (CVE-2023-7102) in its Email Security Gateway, allowing arbitrary code execution through a third-party library. This follows a prior incident (CVE-2023-2868) this year by the same threat actor (UNC4841). The exploit involves a crafted Excel email attachment, leading to backdoor deployment with known implants SEASPY and SALTWATER. Barracuda released an automatic security update on December 21, 2023, and deployed a patch for compromised devices the next day. The original flaw in Spreadsheet::ParseExcel …

