Security News > 2022 > August > Zimbra auth bypass bug exploited to breach over 1,000 servers

An authentication bypass Zimbra security vulnerability is actively exploited to compromise Zimbra Collaboration Suite email servers worldwide.

Zimbra is an email and collaboration platform used by more than 200,000 businesses from over 140 countries, including over 1,000 government and financial organizations.

"If you are running a Zimbra version that is older than Zimbra 8.8.15 patch 33 or Zimbra 9.0.0 patch 26 you should update to the latest patch as soon as possible," the alert published on Wednesday reads.

After discovering evidence during multiple incident responses that Zimbra email servers were being breached using the CVE-2022-27925 RCE with the help of the CVE-2022-37042 auth bypass bug, Volexity scanned for instances of hacked servers exposed to Internet access.

Since the latest Zimbra versions are patched against the actively exploited RCE and auth bypass bugs, admins should patch their servers immediately to block attacks.

These two Zimbra bugs are likely not the only ones actively exploited, given that CISA has added another high severity Zimbra flaw, allowing unauthenticated attackers to steal plain text credentials, to its Known Exploited Vulnerabilities Catalog.

News URL

https://www.bleepingcomputer.com/news/security/zimbra-auth-bypass-bug-exploited-to-breach-over-1-000-servers/