If you haven't patched Zimbra holes by now, assume you're toast
In a security alert updated on Monday, the US government's Cybersecurity and Infrastructure Security Agency and the Multi-State Information Sharing and Analysis Center warned that cybercriminals are actively exploiting five vulnerabilities in the Zimbra Collaboration Suite to break into both government and private-sector networks.
Zimbra is an email and collaboration platform that claims to power "Hundreds of millions of mailboxes in 140 countries."
The five CVE-listed bugs being exploited include CVE-2022-27924, which Zimbra patched in May and which received a CVSS score of 7.5 out of 10.
To fix the UnRAR flaw, Zimbra made configuration changes to use the 7zip program instead of UnRAR. We're told that a miscreant is selling an exploit kit for CVE-2022-30333, and there's also a Metasploit module that creates a RAR file, which can then be emailed to a Zimbra server to exploit this flaw.
The fifth known Zimbra vulnerability under active exploit, CVE-2022-24682, is a medium-severity cross-site scripting bug that allows crooks to steal session cookie files.
Volexity discovered this one, too, and Zimbra patched it in February.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/08/23/cisa_zimbra_signatures/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-05-09 | CVE-2022-30333 | Path Traversal vulnerability in multiple products: RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. | 7.5 |
2022-04-21 | CVE-2022-27924 | Injection vulnerability in Zimbra Collaboration 8.8.15/9.0.0: Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance. | 5.0 |
2022-02-09 | CVE-2022-24682 | Improper Encoding or Escaping of Output vulnerability in Zimbra Collaboration: An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. | 6.1 |