Zimbra has issued a warning regarding a critical zero-day vulnerability affecting its email software, which has reportedly been exploited in active attacks. This security flaw is present in the Zimbra Collaboration Suite Version 8.8.15 and poses significant threats to the confidentiality and integrity of user data. In an advisory, the company emphasized the need for immediate attention to this issue.
According to Zimbra, remedial measures have already been implemented, with an official patch expected to be released in July. While specifics about the vulnerability remain limited at this time, the company did mention that it has rectified the issue through enhanced input sanitization practices.
In the meantime, Zimbra has urged customers to apply a manual fix to reduce the risk of exploitation. The recommended steps are to back up the vulnerable file, adjust specific lines of its code, and update certain parameter values so that the affected input is handled safely.
While the company has not disclosed the exact nature of ongoing exploits, insights from Google’s Threat Analysis Group have shed light on the situation. Researcher Maddie Stone indicated that the flaw in question is a cross-site scripting (XSS) vulnerability, actively being used in targeted attacks. The researcher Clément Lecigne has been credited with discovering and reporting this vulnerability, highlighting the ongoing need for vigilance against such threats.
This alert comes on the heels of Cisco’s announcement that it has released patches to address a critical flaw in its SD-WAN vManage software, identified as CVE-2023-20214, which carries a CVSS score of 9.1. The vulnerability allows unauthenticated remote attackers to gain unauthorized read permissions and limited write permissions to the configuration of affected instances, posing considerable risk to organizations that run this infrastructure.
Cisco emphasized that successful exploitation could permit attackers to extract sensitive information from and interact with the configuration of the affected vManage instance. The company has patched this vulnerability in multiple software versions and asserted that it has not detected any known malicious usage of the flaw thus far.
On July 26, 2023, Zimbra announced the release of multiple updates to the Zimbra Collaboration Suite, including versions addressing a newly identified cross-site scripting vulnerability designated as CVE-2023-37580. This vulnerability has reportedly been exploited in the wild, raising concerns over the exposure of internal JSP and XML files.
For businesses, the current landscape underscores the importance of proactive cybersecurity measures and regular software updates. The vulnerabilities highlighted here, particularly the XSS exploitation seen against Zimbra and the potential for unauthorized configuration access in Cisco vManage, illustrate a pressing need for business owners to stay informed and prepared against evolving cyber threats. The MITRE ATT&CK Matrix remains a valuable resource for understanding the tactics and techniques that might have been employed in these scenarios, including initial access and exploitation methods that can jeopardize organizational security.