December 3, 2023

An authentication bypass affecting Zimbra Collaboration Suite, tracked as CVE-2022-27925, is actively exploited to hack ZCS email servers worldwide.

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. Also it orders federal agencies to fix both issues by August 25, 2022.

  • CVE-2022-27925 – Zimbra Collaboration (ZCS) Arbitrary File Upload Vulnerability
  • CVE-2022-37042 – Zimbra Collaboration (ZCS) Authentication Bypass Vulnerability
Advertisements

The vendor has already released security updates to address both vulnerabilities.

Since last month, researchers discovered that threat actors have exploited the CVE-2022-27925 RCE vulnerability in these attacks.

The flaw was patched in March 2022, since the release of security fixes, it was reasonable that threat actors performed reverse engineering of them and developed an exploit code.

Researchers found signs of remote exploitation but no evidence the attackers had the prerequisite authenticated administrative sessions needed to exploit it. The remote attackers would have been able to obtain administrative credentials on the victims’ ZCS email servers.

In-depth research has determined it was possible to bypass authentication when accessing the same endpoint (mboximport) used by CVE-2022-27925. This meant that CVE-2022-27925 could be exploited without valid administrative credentials, thus making the vulnerability significantly more critical in severity.

Advertisements

Researchers scanned the Internet for compromised Zimbra instances and over 1,000 ZCS instances around the world that were backdoored and compromised. The compromised ZCS installs belongs to a variety of global organizations, including government departments and ministries, military branches, worldwide billionaire businesses, and a significant number of small businesses.

The countries with the most compromised instances include the U.S., Italy, Germany, France, India, Russia, Indonesia, Switzerland, Spain, and Poland.

this research was documented by researchers from Volexity firm

Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

TheCyberThrone CyberSecurity Newsletter Top 5 Articles – November, 2023

December 2, 2023

Staples affected by a Cyber Attack

December 2, 2023

CISA KEV Update Part I – December 2023

December 1, 2023 2

Dollar Tree Affected by a Third Party Breach

December 1, 2023

Apple Patches iOS zerodays – CVE-2023-42916 and CVE-2023-42917

December 1, 2023

TheCyberThrone Security Week In Review – November 25, 2023

November 30, 2023
%d bloggers like this: