- The U.S. Cybersecurity and Infrastructure Security Agency added a new vulnerability found in the Zimbra email suite to its list.
- The vulnerability, disclosed by SonarSource, allows attackers to execute arbitrary Memcached commands and steal data.
- Zimbra released fixes that address the vulnerability in May, but it is still under active exploitation.
The U.S. Cybersecurity and Infrastructure Security Agency announced that a new high-severity vulnerability has been added to its Known Exploited Vulnerabilities Catalog. The vulnerability is a command injection flaw found in the Zimbra email suite. Tracked as CVE-2022-27924, it can allow attackers to execute arbitrary Memcached commands and steal data.
Under attack
The vulnerability was disclosed by SonarSource. SonarSource stated that the code flaws affect Zimbra’s Reverse Proxy and can be exploited by an unauthenticated attacker against default configurations. There are two strategies for exploiting the vulnerability. The first requires the attacker to know the victims' email addresses in order to steal their login credentials. The second uses “Response Smuggling” to bypass the restrictions, allowing an attacker to steal cleartext credentials from any vulnerable Zimbra instance.
The vulnerabilities were patched by the company in May. Patch 24.1 was released as a security patch for Zimbra 9.0.0, and Patch 31.1 was released as a security patch for Zimbra 8.8.15. CISA urged Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. In the list, the vulnerability is described as follows:
« Zimbra Collaboration (ZCS) allows an attacker to inject memcache commands into a targeted instance which causes an overwrite of arbitrary cached entries. »