CVE-2023-43770: Roundcube vulnerability turns your private correspondence into an open ledger

Teacher
CISA is sounding the alarm: federal agencies are required to deal with the problem by March 4.

Experts warn about a critical vulnerability in the Roundcube mail server, which was formally fixed in September last year, but is still being used by attackers to conduct cross-site scripting (XSS) attacks.

Roundcube is a free, open-source web-based email client that makes it easy to read, send, and manage emails directly from a web browser. This client stands out for its intuitive interface, which resembles traditional desktop email applications, and offers customization options through plugins. Roundcube supports many languages, which makes it popular with users around the world. It is also used by representatives of large businesses and government organizations. Key features include an advanced HTML editor for composing emails, an address book, attachment support, and email content search.

The issue in question is CVE-2023-43770, a persistent (stored) XSS vulnerability. It allows attackers to gain access to protected information by sending text/plain messages containing malicious links. Exploitation requires minimal user interaction.
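The post describes a stored XSS reached through links in text/plain mail but does not detail the exact rendering flaw, so the following is an added illustration of the defensive principle rather than Roundcube's own code: when a webmail client turns a plain-text body into HTML, it must HTML-escape the body first and only then turn URL tokens into anchors, refusing non-web schemes. The sample message body and the `render_plain_text` function are constructed for this example.

```python
import html
import re
from urllib.parse import urlsplit

# Constructed sample text/plain body (not from any real message): a benign
# link, a URL followed by markup, and a non-http scheme disguised as a link.
SAMPLE_BODY = (
    "Agenda: https://example.org/minutes?id=42&lang=en\n"
    "Untrusted: http://example.net/<img src=x onerror=alert(1)>\n"
    "Blocked: javascript:alert(document.cookie)\n"
)

# Only these schemes become clickable anchors; everything else stays inert text.
ALLOWED_SCHEMES = {"http", "https", "mailto"}

# Runs over the *already escaped* text: a token ends at whitespace, quotes,
# angle brackets or any entity (&lt; &gt; &quot; &#x27;) except &amp;, so no
# markup from the message can ever be captured into an href attribute.
URL_RE = re.compile(r'\b(?:https?://|mailto:|javascript:)(?:[^\s&"<>]|&amp;)+')


def render_plain_text(body: str) -> str:
    """Render a text/plain body as HTML: escape first, then linkify.

    Escaping before linkification is the load-bearing step: tags or event
    handlers in the message can only ever appear as literal, visible text.
    """
    escaped = html.escape(body, quote=True)

    def linkify(match: re.Match) -> str:
        token = match.group(0)
        scheme = urlsplit(token).scheme.lower()
        if scheme not in ALLOWED_SCHEMES:
            return token  # e.g. javascript: is displayed but never becomes a link
        return f'<a href="{token}" rel="noopener noreferrer">{token}</a>'

    return URL_RE.sub(linkify, escaped).replace("\n", "<br>\n")


if __name__ == "__main__":
    print(render_plain_text(SAMPLE_BODY))
```

Run against `SAMPLE_BODY`, the first line becomes a real anchor (with `&` correctly encoded as `&amp;` in the href), the injected `<img ...>` is shown as escaped text, and the `javascript:` token is displayed but not linked.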

The bug affects Roundcube versions from 1.4.14 onward, including the 1.5.x series up to 1.5.4 and the 1.6.x series up to 1.6.3. After the problem was discovered, the developers recommended that users urgently update to the latest versions, stressing in particular the importance of the update for 1.6.x users.

Even CISA has expressed concern about this issue, adding CVE-2023-43770 to its Known Exploited Vulnerabilities (KEV) catalog. This action underlines the seriousness of the problem, since such defects can also threaten the security of federal structures.

The situation is compounded by the fact that, in addition to CVE-2023-43770, attackers exploit other vulnerabilities in Roundcube. In particular, the Winter Vivern group has repeatedly used CVE-2023-5631 to conduct targeted attacks. The criminals managed to inject malicious JavaScript code into HTML emails and SVG documents using simple manipulations. These attacks compromised Roundcube webmail servers used by government agencies and think tanks in Europe, and also breached the security of NATO data.

CISA has given Federal Civilian Executive Branch (FCEB) agencies until March 4 to resolve the issue in accordance with Binding Operational Directive (BOD) 22-01. While the main focus is on government entities, the recommendation also applies to private organizations around the world.