"Zimbra Auth Bypass Bug Exploited to Breach over 1,000 Servers"

A Zimbra authentication bypass flaw is being actively exploited to compromise Zimbra Collaboration Suite (ZCS) email servers. Zimbra is an email and collaboration platform used by over 200,000 businesses in 140 countries, including more than 1,000 government and financial institutions. According to threat intelligence firm Volexity, as early as the end of June attackers were abusing a ZCS Remote Code Execution (RCE) flaw that required authentication, tracked as CVE-2022-27925, with the help of an authentication bypass bug, tracked as CVE-2022-37042. Volexity believes this vulnerability was exploited in a similar manner to the Microsoft Exchange zero-day vulnerabilities discovered in early 2021. Initially used by espionage-oriented threat actors, it was later picked up and used in mass-exploitation attempts by other threat actors. Successful exploitation enables attackers to deploy web shells in specific locations on compromised servers in order to gain persistent access. This article continues to discuss the exploitation and impact of the Zimbra authentication bypass security vulnerability.

Bleeping Computer reports "Zimbra Auth Bypass Bug Exploited to Breach over 1,000 Servers"

Submitted by Anonymous on