Security News > 2022 > August > Zimbra auth bypass bug exploited to breach over 1,000 servers

Zimbra auth bypass bug exploited to breach over 1,000 servers
2022-08-11 19:32

An authentication bypass Zimbra security vulnerability is actively exploited to compromise Zimbra Collaboration Suite email servers worldwide.

Zimbra is an email and collaboration platform used by more than 200,000 businesses from over 140 countries, including over 1,000 government and financial organizations.

"If you are running a Zimbra version that is older than Zimbra 8.8.15 patch 33 or Zimbra 9.0.0 patch 26 you should update to the latest patch as soon as possible," the alert published on Wednesday reads.

After discovering evidence during multiple incident responses that Zimbra email servers were being breached using the CVE-2022-27925 RCE with the help of the CVE-2022-37042 auth bypass bug, Volexity scanned for instances of hacked servers exposed to Internet access.

Since the latest Zimbra versions are patched against the actively exploited RCE and auth bypass bugs, admins should patch their servers immediately to block attacks.

These two Zimbra bugs are likely not the only ones actively exploited, given that CISA has added another high severity Zimbra flaw, allowing unauthenticated attackers to steal plain text credentials, to its Known Exploited Vulnerabilities Catalog.


News URL

https://www.bleepingcomputer.com/news/security/zimbra-auth-bypass-bug-exploited-to-breach-over-1-000-servers/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-08-12 CVE-2022-37042 Path Traversal vulnerability in Zimbra Collaboration 8.8.15/9.0.0
Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it.
network
low complexity
zimbra CWE-22
critical
9.8
2022-04-21 CVE-2022-27925 Path Traversal vulnerability in Zimbra Collaboration 8.8.15/9.0.0
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it.
network
low complexity
zimbra CWE-22
7.2

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Zimbra 7 0 39 16 8 63