Security News > 2022 > August > Hackers are actively exploiting password-stealing flaw in Zimbra
The Cybersecurity and Infrastructure Security Agency has added the Zimbra CVE-2022-27824 flaw to its 'Known Exploited Vulnerabilities Catalog,' indicating that it is actively exploited in attacks by hackers.
The technical report that accompanied SonarSource's disclosure was quite comprehensive, and since it was published over a month after the fixes were made available, it gives hackers many pointers on how to exploit the flaw.
Snatching Zimbra account credentials enables them to access the email server, opening up the pathway to spear-phishing, social engineering, and BEC attacks.
According to the software vendor, Zimbra Collaboration is used by over 200,000 businesses and 1,000 state entities and critical organizations in 140 countries, including the United States.
CISA's addition of CVE-2022-27824 to the catalog of actively exploited flaws introduces the obligation for all Federal agencies in the U.S. to apply the available security updates until August 25, 2022, which is the set deadline for this case.
Of course, non-federal agencies and organizations that use Zimbra Collaboration and haven't updated their products yet should do it immediately, as hacker attacks targeting vulnerable instances are already underway.
News URL
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-11 | CVE-2022-27824 | Out-of-bounds Read vulnerability in Google Android 10.0/11.0/12.0 Improper size check of in sapefd_parse_meta_DESCRIPTION function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file | 7.1 |