Feds warn about actively exploited Zimbra vulnerabilities

The Cybersecurity and Infrastructure Security Agency and the Multi-State Information Sharing and Analysis Center have issued a joint security alert warning organizations about the active exploitation of five already-patched Zimbra Collaboration Suite vulnerabilities aimed at infiltrating private and public networks, reports The Register. Among the exploited flaws is the high-severity bug, tracked as CVE-2022-27924, which was identified by SonarSource in March and addressed by Zimbra in May prior to the release of proof-of-concept exploits in June. Attackers could leverage the particular bug to enable arbitrary memcache command injections that could facilitate account credential theft. "Due to the POC and ease of exploitation, CISA and the MS-ISAC expect to see widespread exploitation of unpatched ZCS instances in government and private networks," warned the feds. SonarSource also discovered the high-severity vulnerability, tracked as CVE-2022-30333, which could allow attackers to access all emails sent and received by a compromised server. Organizations that did not immediately update their ZCS instances have been urged by CISA to leverage third-party detection signatures in an effort to better identify malicious activity.