Organ Network security and US Infrastructure (CISA) on Thursday added a recently disclosed high severity vulnerability in the Zimbra email suite to its List of Known Exploited Vulnerabilities, citing evidence. about active exploitation.
The issue in question is CVE-2022-27924 (CVSS score: 7.5), a command injection vulnerability in the platform that could lead to the execution of arbitrary Memcached commands and the theft of sensitive information.
“Zimbra Collaboration (ZCS) allows an attacker to inject memorized commands into a targeted instance that causes the overwriting of arbitrary cached entries,” CISA said.
Specifically, this error is related to the case no accuracy Sufficient user input, if successfully exploited, could allow an attacker to steal clear text credentials from users of targeted Zimbra instances.
The issue was disclosed by SonarSource in June, with patches released by Zimbra on May 10, 2022, in versions 8.8.15 P31.1 and 9.0.0 P24.1.
CISA has not shared technical details about attacks that exploit the vulnerability in the wild and has yet to attribute it to a certain threat actor.
In the context of active exploitation of the vulnerability, users should apply updates to software to reduce the risk of potential cyber attacks.