
Zimbra has released security updates that patch a zero-day vulnerability exploited in attacks targeting Zimbra Collaboration Suite (ZCS) email servers.

The vulnerability, now tracked as CVE-2023-38750, is a reflected Cross-Site Scripting (XSS) flaw discovered by security researcher Clément Lecigne of Google's Threat Analysis Group (TAG). XSS attacks pose a significant threat, allowing threat actors to steal sensitive information or execute malicious code on vulnerable systems.

When Zimbra announced the vulnerability and urged users to apply a manual fix, it did not initially reveal that the zero-day was being exploited in the wild; Google TAG's Maddie Stone said the vulnerability was discovered while being exploited in a targeted attack.

"To maintain the highest level of security, we kindly request your cooperation to apply the fix manually on all of your mailbox nodes," Zimbra said at the time, asking admins to mitigate the security bug manually.

Two weeks after the initial advisory was published, the company released ZCS 10.0.2, a version that also fixes the CVE-2023-38750 bug, which could potentially expose internal JSP and XML files.

Another reflected XSS bug in Zimbra has been exploited since at least February 2023 by the Russian hacking group Winter Vivern to breach the webmail portals of NATO-aligned governments and steal the emails of government officials, military personnel, and diplomats.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned U.S. federal agencies to secure their systems against CVE-2023-38750 attacks. The agency added the vulnerability to its Known Exploited Vulnerabilities catalogue, which requires Federal Civilian Executive Branch (FCEB) agencies to patch vulnerable ZCS email servers on their networks under Binding Operational Directive 22-01 (BOD 22-01), issued in November 2021.

CISA has set a compliance deadline of 17 August, instructing agencies to mitigate the flaw on all unpatched devices. Although the catalogue primarily targets U.S. federal agencies, private companies are also strongly advised to prioritize and apply patches for all vulnerabilities listed in CISA's catalogue of exploited bugs.

These vulnerabilities are common attack vectors for malicious cyber actors and pose significant risks to the federal enterprise, CISA warned.

On Tuesday, CISA also instructed U.S. federal agencies to address an authentication bypass bug in Ivanti's Endpoint Manager Mobile (EPMM), formerly MobileIron Core, which was exploited as a zero-day to hack a software platform used by 12 Norwegian ministries.
