On Thursday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirmed in its findings that they have discovered a high-severity vulnerability in the Zimbra email. Based on the evidence of active exploitation, the new vulnerability has now been added to its Known Exploited Vulnerabilities Catalog.
As of present, researchers are investigating CVE-2022-27924 (CVSS score: 7.5), a command injection flaw in the platform that could allow the execution of arbitrary Memcached commands and theft of important data.
These kinds of Vulnerabilities are very frequent and are oftenly seen, as per the data these vulnerabilities pose a higher risk to the federal enterprise.
“Zimbra Collaboration (ZCS) allows an attacker to inject Memcache commands into a targeted instance which causes an overwrite of arbitrary cached entries”, CISA added.
The attack first was reported by SonarSource in June, with patches released by Zimbra on May 10, 2022, in versions 8.8.15 P31.1 and 9.0.0 P24.1.
Before Installing Patch 9.0.0 Patch 24.1, users are recommended to consider the following:
• Patches are accumulative.
• Zimlet patches remove existing Zimlets and redeploy the patched Zimlet.
• Before applying the patch, a full backup should be performed.
• There is no automated roll-back.
• Before using ZCS CLI commands Switch to Zimbra user.
• Must note that you will not be able to revert to the previous ZCS release after you upgrade to the patch.
• Understand that the installation process has been upgraded. Additional steps to install Zimbra-common-core-libs, Zimbra-common-core-jar and Zimbra-mbox-store-libs packages have been included for this patch release.
“Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria”, CISA further told.
