Zimbra Auth Security Flaw Used to Exploit Over 1,000 Govt. & Financial Orgs Servers

In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog Writer

Cybercriminals are actively exploiting an authentication bypass vulnerability in Zimbra to compromise Zimbra Collaboration Suite (ZCS) email servers around the world.

A wide range of businesses, including government and financial organizations, use Zimbra as an email and collaboration platform.

More than 200,000 businesses are using Zimbra’s email and collaboration platform today across 140 countries. Among them, there are more than 1,000 organizations in the financial and government sectors.

Flaw Profile

Threat intelligence firm Volexity reports that attackers have been exploiting CVE-2022-27925, a remote code execution (RCE) vulnerability in ZCS.

If your vulnerable servers were not patched against CVE-2022-27925 before May 2022, you should consider the possibility that your ZCS instance is compromised.

This scan is based primarily on shell paths known to Volexity, so the actual number of compromised servers is likely higher than this listing.

At the time of its listing, CVE-2022-27925 was classified as an RCE vulnerability that required authentication to exploit.

Combining this vulnerability with a separate bug would result in an unauthenticated exploit, making it easy for someone to exploit it remotely.