Security News > 2022 > August > If you haven't patched Zimbra holes by now, assume you're toast
In a security alert updated on Monday, the US government's Cybersecurity and Infrastructure Security Agency and the Multi-State Information Sharing and Analysis Center warned that cybercriminals are actively exploiting five vulnerabilities in the Zimbra Collaboration Suite to break into both government and private-sector networks.
Zimbra is an email and collaboration platform that claims to power "Hundreds of millions of mailboxes in 140 countries."
The five CVE-listed bugs being exploited include CVE-2022-27924, which Zimbra patched in May and received a 7.5 out of 10 CVSS score.
To fix this issue, Zimbra made configuration changes to use the 7zip program instead of UnRAR. We're told that a miscreant is selling an exploit kit for CVE-2022-30333, and there's also a Metasploit module that creates a RAR file, which then can be emailed to a Zimbra server to exploit this flaw.
The fifth known Zimbra vulnerability under active exploit, CVE-2022-24682, is a medium severity cross-site scripting bug that allows crooks to steal session cookie files.
Volexity discovered this one, too, and Zimbra patched it in February.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/08/23/cisa_zimbra_signatures/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-05-09 | CVE-2022-30333 | Path Traversal vulnerability in multiple products RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. | 7.5 |
2022-04-21 | CVE-2022-27924 | Injection vulnerability in Zimbra Collaboration 8.8.15/9.0.0 Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance. | 7.5 |
2022-02-09 | CVE-2022-24682 | Improper Encoding or Escaping of Output vulnerability in Zimbra Collaboration An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. | 6.1 |