The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a recently disclosed high-severity vulnerability in the Zimbra email suite to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation.
The issue in question is CVE-2022-27924 (CVSS score: 7.5), a command injection flaw in the platform that could lead to the execution of arbitrary Memcached commands and theft of sensitive information.
"Zimbra Collaboration (ZCS) allows an attacker to inject memcached commands into a targeted instance which causes an overwrite of arbitrary cached entries," CISA said.
Specifically, the bug stems from insufficient validation of user input that, if successfully exploited, could enable attackers to steal cleartext credentials from users of targeted Zimbra instances.
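As an added illustration of the input-validation gap described above (example code written for this page, not Zimbra's or CISA's), the following Python contrasts a memcached text-protocol request builder that interpolates user input directly with one that enforces the protocol's key rules, plus a small check that flags a request carrying more than one command line. The function names and the sample identifier are assumptions.

```python
"""Memcached text-protocol key validation (added example, not Zimbra code)."""
import re

# Memcached text protocol: a key is at most 250 bytes and may not contain
# whitespace or control characters; every command line ends with CRLF.
MAX_KEY_LEN = 250
_FORBIDDEN = re.compile(rb"[\x00-\x20\x7f]")


def build_get_unsafe(identifier: str) -> bytes:
    """The weak pattern: caller input goes straight into the protocol line.
    A line break inside the input therefore becomes a command boundary,
    which is the class of defect CVE-2022-27924 describes."""
    return b"get " + identifier.encode("utf-8") + b"\r\n"


def validate_key(identifier: str) -> bytes:
    """Reject anything that is not a single well-formed memcached key."""
    key = identifier.encode("utf-8")
    if not key or len(key) > MAX_KEY_LEN:
        raise ValueError("memcached key must be 1..250 bytes")
    if _FORBIDDEN.search(key):
        raise ValueError("memcached key contains whitespace or control bytes")
    return key


def build_get_safe(identifier: str) -> bytes:
    """Hardened builder: only validated keys reach the protocol line."""
    return b"get " + validate_key(identifier) + b"\r\n"


def count_commands(request: bytes) -> int:
    """Detection aid for tests or proxies: a request built from one
    identifier must contain exactly one command line. Memcached accepts a
    bare LF as a terminator too, so split on either ending."""
    return len([line for line in re.split(rb"\r?\n", request) if line])
```

A unit test that asserts `count_commands(...) == 1` for every request a builder emits is a cheap regression guard for this bug class.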
The issue was disclosed by SonarSource in June, with patches released by Zimbra on May 10, 2022, in versions 8.8.15 P31.1 and 9.0.0 P24.1.
CISA has not shared technical details of the attacks that exploit the vulnerability in the wild and has yet to attribute it to a specific threat actor.
In light of active exploitation of the flaw, users are advised to apply the software updates to reduce their exposure to potential cyberattacks.