"Zimbra Credential Theft Vulnerability Exploited in Attacks"

The US Cybersecurity and Infrastructure Security Agency (CISA) has informed organizations that a recently patched vulnerability affecting the Zimbra enterprise email solution has been exploited in attacks. The security hole is tracked as CVE-2022-27924 and is described as a Memcache injection issue that can allow an unauthenticated attacker to steal cleartext credentials from a targeted Zimbra instance without any user interaction. CISA noted that an attacker can use the compromised credentials to access the victim’s emails, and from there escalate their access within the targeted organization and obtain sensitive information. Access to mailboxes can also allow the attacker to impersonate users and spy on victims. Zimbra products are used by more than 200,000 organizations worldwide. The vulnerability was fixed in May with the release of versions 8.8.15 with patch level 31.1 and 9.0.0 with patch level 24.1. CISA added CVE-2022-27924 to its Known Exploited Vulnerabilities Catalog and instructed government agencies to install the available patches by August 25.

 

SecurityWeek reports: "Zimbra Credential Theft Vulnerability Exploited in Attacks"

Submitted by Anonymous on