About 1000 Zimbra Servers affected by Authentication Bypass Flaw
Post author: Vinith Sengunthar
Post date: August 23, 2022

The Zimbra Collaboration Suite (ZCS) had a serious, high-severity authentication bypass vulnerability that put email security at risk. According to researchers, over a thousand email servers were compromised through attacks on the vulnerability. Many companies use Zimbra as an email and collaboration tool, including governmental and financial institutions. Today, Zimbra's email and collaboration platform is used in 140 nations by more than 200,000 enterprises, among them more than 1,000 businesses in the public and private sectors.

Vulnerability Overview

Researchers reported that attackers have been actively exploiting CVE-2022-27925 in Zimbra Collaboration Suite (ZCS), which has a CVSS base score of 7.2. It is a remote code execution vulnerability that normally requires authentication, but that requirement can be evaded when CVE-2022-37042 is exploited. The flaw lies in the mboximport feature of ZCS versions 8.8.15 and 9.0, which allows arbitrary files to be uploaded and may lead to remote code execution.

CVE-2022-37042 is an authentication bypass in the ZCS MailboxImportServlet. Because it can be chained with CVE-2022-27925, an attacker needs no legitimate administrator credentials to reach mboximport, which makes unauthenticated remote code execution possible.

Impact

After successfully exploiting this vulnerability chain, attackers can place web shells in certain locations to gain persistent access to the compromised Zimbra email servers.

Are There Any Patches Available to Address this Security Flaw?
Zimbra has released fixes for CVE-2022-37042 and CVE-2022-27925. If you run a version older than Zimbra 8.8.15 patch 33 or Zimbra 9.0.0 patch 26, applying the most recent fixes is highly recommended.

Mitigations

Organizations are advised to upgrade to the most recent ZCS releases, as stated on Zimbra Security – News & Alerts and Zimbra Security Advisories. To lower the risk of compromise, CISA and the MS-ISAC also advise enterprises to implement the following best practices:

- Maintain an incident response plan and test it.
- Make sure your company has a vulnerability management program in place that gives patch management and vulnerability scanning for known exploited vulnerabilities top priority.
- Properly configure and secure network devices that connect to the internet.
- Avoid making administrative interfaces accessible over the internet.
- Disable network protocols and ports that are not in use.
- Remove or disable unused network devices and services.
- Adopt zero-trust architecture and principles, such as micro-segmenting networks and features that prevent or restrict lateral movement.
- Enforce phishing-resistant MFA for all users and VPN connections.
- Limit network access to trusted hardware and users.

Incident Response

In the event that a system has been compromised by active or recently active threat actors in an organization's environment, CISA and the MS-ISAC advise taking the following initial measures:

- Gather and examine artifacts, such as running programs or services, unusual logins, and recent network connections.
- Quarantine or take offline hosts that may have been compromised.
- Reimage the affected hosts.
- Create fresh account credentials.
- Inform your internal IT or SOC of the compromise.
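As an added example (not from the original post, Zimbra or CISA), the Python script below puts two of the checks above into code: comparing an installed ZCS patch level against the fixed levels named here (8.8.15 patch 33, 9.0.0 patch 26), and pulling the access-log entries that touched the mboximport handler so a responder can examine them as artifacts. The handler path and the "8.8.15_P33" patch-string format are assumptions based on Zimbra's servlet layout and version strings, not something the post states; the log lines are constructed.

```python
import re
from typing import Dict, List, Tuple

# Minimum patch levels named in the post as containing the fixes.
PATCHED_LEVELS = {"8.8.15": 33, "9.0.0": 26}

# Path of the mboximport handler; assumed from Zimbra's servlet layout, not from the post.
MBOXIMPORT_PATH = "/service/extension/backup/mboximport"

# nginx/Apache "combined" access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def is_patched(version: str, patch_level: int) -> bool:
    """True only if the branch and patch level meet the fixed levels named above."""
    required = PATCHED_LEVELS.get(version)
    if required is None:
        return False  # unknown or unsupported branch: treat as needing review
    return patch_level >= required


def parse_patch_string(s: str) -> Tuple[str, int]:
    """Parse a patch string such as '8.8.15_P33' (assumed format) into ('8.8.15', 33)."""
    m = re.fullmatch(r"(\d+\.\d+\.\d+)_P(\d+)", s.strip())
    if not m:
        raise ValueError(f"unrecognized patch string: {s!r}")
    return m.group(1), int(m.group(2))


def flag_mboximport_requests(lines: List[str]) -> List[Dict[str, str]]:
    """Return parsed access-log entries whose path hit the mboximport handler.

    The handler is only legitimately used by administrators, so every hit,
    whatever its status code, is worth a responder's attention.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m.group("path").split("?", 1)[0]
        if path.startswith(MBOXIMPORT_PATH):
            hits.append(m.groupdict())
    return hits


# Constructed sample log lines in combined format; not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Aug/2022:02:14:33 +0000] "POST /service/extension/backup/mboximport HTTP/1.1" 401 0 "-" "curl/7.68.0"',
    '203.0.113.5 - - [10/Aug/2022:02:14:35 +0000] "POST /service/extension/backup/mboximport HTTP/1.1" 200 17 "-" "curl/7.68.0"',
    '198.51.100.7 - - [10/Aug/2022:02:15:01 +0000] "GET /service/soap/NoOpRequest HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]
```

Running `flag_mboximport_requests(SAMPLE_LOG)` returns the two POST entries from 203.0.113.5; a 200 response on that handler from a source with no admin session is exactly the kind of artifact the Incident Response steps ask you to examine.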