Security News > 2022 > October > Zimbra Releases Patch for Actively Exploited Vulnerability in its Collaboration Suite

Zimbra Releases Patch for Actively Exploited Vulnerability in its Collaboration Suite
2022-10-17 09:50

Zimbra has released patches to contain an actively exploited security flaw in its enterprise collaboration suite that could be leveraged to upload arbitrary files to vulnerable instances.

Tracked as CVE-2022-41352, the issue affects a component of the Zimbra suite called Amavis, an open source content filter, and more specifically, the cpio utility it uses to scan and extract archives.

The flaw, in turn, is said to be rooted in another underlying vulnerability that was first disclosed in early 2015, which according to Flashpoint was rectified, only to be subsequently reverted in later Linux distributions.

"An attacker can use cpio package to gain incorrect access to any other user accounts," Zimbra said in an advisory published last week, adding it "Recommends pax over cpio."

The attacks, which unfolded over two attack waves in early and late September, primarily targeted government entities in the region, abusing the initial foothold to drop web shells on the compromised servers for follow-on activities.

Based on information shared by incident response firm Volexity, roughly 1,600 Zimbra servers are estimated to have been infected in what it calls a "Mix of targeted and opportunistic attacks."


News URL

https://thehackernews.com/2022/10/zimbra-releases-patch-for-actively.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-09-26 CVE-2022-41352 Path Traversal vulnerability in Zimbra Collaboration 8.8.15/9.0.0
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0.
network
low complexity
zimbra CWE-22
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Zimbra 7 0 39 16 8 63