Warning of critical vulnerabilities in Zimbra Collaboration Suite

The National Cyber Security Centre SK-CERT warns of a critical vulnerability in the Zimbra Collaboration Suite.

Zimbra is a popular web-based email server that is often used in Slovak cyberspace. Recent vulnerabilities in this product allow an attacker to upload arbitrary files, which can lead to unauthorized code execution. Exploiting the vulnerabilities gives the attacker full access to other user accounts, all emails and the server itself. A proof of concept exploit – a demonstration of how the vulnerability can be exploited – already exists for these vulnerabilities.

The vulnerabilities are tracked as CVE-2015-1197 and CVE-2022-41352; the more critical one has a CVSS score of 9.8.

Whether a system is vulnerable depends on which system packages it uses. All Synacor Zimbra Collaboration installations that use cpio and do not have pax installed are affected by this critical vulnerability.

Precautions

The National Cyber Security Centre SK-CERT recommends installing pax immediately, following the instructions posted at https://blog.zimbra.com/2022/09/security-update-make-sure-to-install-pax-spax/. Some distributions may already contain this package and are therefore not affected by this vulnerability.
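
The condition described above (cpio present, pax absent) can be checked on a host with the following script, which is an added example and not part of the original advisory. The function names and the default directory list are assumptions; adjust the list to the search path of the account that runs Zimbra.

```shell
#!/bin/sh
# Added example: classify a host by the advisory's rule
# (cpio installed and pax not installed => affected).

# find_tool NAME DIRS
# Print the first executable regular file NAME found in the
# colon-separated DIRS; return 1 if there is none.
find_tool() {
    name=$1
    old_ifs=$IFS
    IFS=:
    for dir in $2; do
        if [ -n "$dir" ] && [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            IFS=$old_ifs
            printf '%s\n' "$dir/$name"
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# cpio_pax_status [DIRS]
# Print one of:
#   pax-present  pax is installed, so the advisory's condition is not met
#   affected     cpio is installed and pax is not
#   no-cpio      neither tool was found in DIRS
# DIRS defaults to common system directories (an assumption).
cpio_pax_status() {
    dirs=${1:-/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin}
    if find_tool pax "$dirs" >/dev/null; then
        echo pax-present
    elif find_tool cpio "$dirs" >/dev/null; then
        echo affected
    else
        echo no-cpio
    fi
}

# Report the status of the current host.
cpio_pax_status
```

A result of `affected` means the pax package still has to be installed as described in the linked instructions.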

 

After installing the pax package, we recommend checking the logs and looking for non-standard behavior and suspicious patterns that may indicate that the vulnerability has been exploited. Also check whether a potential attacker has changed the mail settings. Finally, we recommend changing all user and administrator passwords on the server (both email and operating system).

If you suspect that this vulnerability has been exploited on your instance of the product, please report the incident to the National Cyber Security Centre SK-CERT at [email protected].

