Critical Zero-Day Flaw in Zimbra Email Software Under Active Exploitation

According to the company's advisory, "A security vulnerability has been identified in Zimbra Collaboration Suite Version 8.8.15 that could potentially compromise the confidentiality and integrity of your data."

Zimbra has already addressed the issue and is planning to release a patch in July to fix the vulnerability. However, no further details about the flaw have been provided at this time.

In the meantime, Zimbra is urging its customers to apply a manual fix in order to eliminate the attack vector. Here are the steps to apply the fix:

1. Take a backup of the file located at /opt/zimbra/jetty/webapps/zimbra/m/momoveto.

2. Open the file and go to line number 40.

3. Update the parameter value to: `<input name="st" type="hidden" value="${fn:escapeXml(param.st)}"/>`

 4. Before the update, the line should appear as: `<input name="st" type="hidden" value="${param.st}"/>`

Although specific details of the active exploitation have not been disclosed by the company, Google Threat Analysis Group (TAG) researcher Maddie Stone revealed that the flaw, which involves cross-site scripting (XSS), has been abused in targeted attacks. The bug was discovered and reported by TAG researcher Clément Lecigne.

In a separate security development, Cisco has released patches to address a critical vulnerability in its SD-WAN vManage software (CVE-2023-20214, CVSS score: 9.1). This flaw could potentially allow an unauthenticated remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance.

"A successful exploit of this vulnerability could enable the attacker to retrieve and send information to the configuration of the affected Cisco vManage instance," the company stated.

The vulnerability has been fixed in the following versions: 20.6.3.4, 20.6.4.2, 20.6.5.5, 20.9.3.2, 20.10.1.2, and 20.11.1.2. Cisco has not received any reports of malicious exploitation of this flaw so far.

Please note that it is crucial to apply the necessary patches or fixes provided by Zimbra and Cisco to ensure the security of your systems and data.

Saya penulis yang mengulas berbagai informasi seputar pendidikan, sejarah, teknologi, hiburan, tutorial dan lainnya.

إرسال تعليق