The US Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a recently disclosed high-severity vulnerability in the Zimbra messaging suite to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation.
The issue in question is CVE-2022-27924 (CVSS score: 7.5), a command injection flaw in the platform that could lead to the execution of arbitrary Memcached commands and the theft of sensitive information.
“Zimbra Collaboration (ZCS) allows an attacker to inject memcached commands into a targeted instance, which causes arbitrary cached entries to be overwritten,” CISA said.
Specifically, the bug stems from insufficient validation of user input which, if successfully exploited, could allow attackers to steal users’ plaintext credentials from targeted Zimbra instances.
https://www.youtube.com/watch?v=GIgHZrPrGug
The issue was disclosed by SonarSource in June, with patches released by Zimbra on May 10, 2022, in versions 8.8.15 P31.1 and 9.0.0 P24.1.
CISA has not shared technical details of the attacks exploiting the vulnerability in the wild and has not yet attributed them to a specific threat actor.
Given the active exploitation of the flaw, users are advised to apply the software updates to reduce their exposure to possible cyberattacks.
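One way to check a server inventory against the two fixed releases named above, as an added example that is not part of the original article or of Zimbra's tooling. The version-string format (written the way the article writes it), the host names and the status labels are assumptions.

```python
import re

# Fixed releases named in the article: 8.8.15 P31.1 and 9.0.0 P24.1.
# Key: release branch; value: minimum (patch, sub-patch) that carries the fix.
FIXED = {(8, 8, 15): (31, 1), (9, 0, 0): (24, 1)}

# Assumed input shape: "<major>.<minor>.<micro>[ P<patch>[.<sub>]]",
# e.g. "8.8.15 P31.1" or "9.0.0_P24". A missing patch level counts as P0.
_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)\.(\d+)(?:[ _]P(\d+)(?:\.(\d+))?)?\s*$", re.IGNORECASE
)


def parse_version(text):
    """Return ((major, minor, micro), (patch, sub)) or raise ValueError."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    branch = tuple(int(g) for g in m.group(1, 2, 3))
    patch = (int(m.group(4) or 0), int(m.group(5) or 0))
    return branch, patch


def fix_status(text):
    """Classify one version string against the fixed releases."""
    branch, patch = parse_version(text)
    minimum = FIXED.get(branch)
    if minimum is None:
        # The article names fixes only for the 8.8.15 and 9.0.0 branches.
        return "unknown"
    return "fixed" if patch >= minimum else "needs_update"


def audit(inventory):
    """Map each host to a status; unparseable strings are flagged, not dropped."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = fix_status(version)
        except ValueError:
            report[host] = "unparseable"
    return report


if __name__ == "__main__":
    # Constructed sample inventory (host names and versions are made up).
    sample = {
        "mail-a.example": "8.8.15 P31.1",
        "mail-b.example": "8.8.15 P30",
        "mail-c.example": "9.0.0_P24",
        "mail-d.example": "8.8.12 P5",
        "mail-e.example": "not reported",
    }
    for host, status in audit(sample).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` or `unparseable` need a manual check, since the article gives no fixed release for their branch or the string could not be read.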