Security News > 2022 > October > Almost 900 servers hacked using Zimbra zero-day flaw

Almost 900 servers hacked using Zimbra zero-day flaw
2022-10-15 14:14

Almost 900 servers have been hacked using a critical Zimbra Collaboration Suite vulnerability, which at the time was a zero-day without a patch for nearly 1.5 months.

The vulnerability tracked as CVE-2022-41352 is a remote code execution flaw that allows attackers to send an email with a malicious archive attachment that plants a web shell in the ZCS server while, at the same time, bypassing antivirus checks.

Kaspersky told BleepingComputer that they detected at least 876 servers being compromised by sophisticated attackers leveraging the vulnerability before it was widely publicized and received a CVE identifier.

On the same day, a proof of concept was added to the Metasploit framework, enabling even low-skilled hackers to launch effective attacks against vulnerable servers.

Volexity reported yesterday that its analysts had identified approximately 1,600 ZCS servers that they believe were compromised by threat actors leveraging CVE-2022-41352 to plant webshells.

The first attacks started in September, targeting vulnerable Zimbra servers in India and some in Turkey.


News URL

https://www.bleepingcomputer.com/news/security/almost-900-servers-hacked-using-zimbra-zero-day-flaw/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-09-26 CVE-2022-41352 Path Traversal vulnerability in Zimbra Collaboration 8.8.15/9.0.0
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0.
network
low complexity
zimbra CWE-22
critical
 9.8
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Zimbra 8 2 53 11 7 73