Patch or Crash: The Exploitation of the Zimbra Vulnerability Has Already Begun

Man

Attackers disguise commands in email messages.

Cybersecurity experts are calling for immediate updates to Zimbra's email servers, as a new critical vulnerability is already being actively exploited by hackers.

The vulnerability with the identifier CVE-2024-45519 was discovered on September 27. Proofpoint reports that attacks on vulnerable servers began the day after its publication.

According to Project Discovery's analysis, the problem lies in the Zimbra postjournal library and stems from insufficient validation of user input. Attackers can add fake addresses to the CC field of emails disguised as coming from Gmail. As a result, base64 strings appear in the field instead of real addresses, and these strings are processed by Zimbra mail servers.
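As an added example (not code from the article, Proofpoint or Project Discovery), a small defender-side triage script that checks a message's Cc header for base64-looking tokens sitting where a real address should be, the symptom described above. The mailbox pattern, the mixed-character-class heuristic and both sample messages are constructed assumptions, not a signature of the actual exploit.

```python
import base64
import re
from email import message_from_string

# Constructed sample messages (not captured from a real incident).
BENIGN_MSG = """\
From: alice@example.com
To: bob@example.com
Cc: carol@example.com, "Dan Example" <dan@example.org>
Subject: weekly report

hello
"""

ODD_CC_MSG = """\
From: alice@example.com
To: bob@example.com
Cc: bob@example.com, QUJDREVGR0hJSktMTU5PUA==@example.net
Subject: weekly report

hello
"""

# A plain mailbox: local-part@domain with a conservative character set (assumption).
MAILBOX_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")
# Runs of the base64 alphabet long enough to carry something other than a name.
B64_RUN_RE = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")


def looks_base64(token: str) -> bool:
    """True if token decodes as base64 and mixes character classes (so plain words pass)."""
    if len(token) < 16 or len(token) % 4:
        return False
    try:
        base64.b64decode(token, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return sum(bool(re.search(p, token)) for p in (r"[A-Z]", r"[a-z]", r"[0-9+/=]")) >= 2


def cc_addresses(header: str) -> list[str]:
    """Minimal splitter: the angle-bracket address if present, else the whole token."""
    parts = []
    for part in header.split(","):
        m = re.search(r"<([^>]*)>", part)
        parts.append((m.group(1) if m else part).strip())
    return parts


def suspicious_cc_entries(raw_message: str) -> list[str]:
    """Return Cc tokens that are base64 blobs or that are not plain mailboxes."""
    msg = message_from_string(raw_message)
    findings: list[str] = []
    for header in msg.get_all("Cc", []):
        for run in B64_RUN_RE.findall(header):
            if looks_base64(run) and run not in findings:
                findings.append(run)
        for addr in cc_addresses(header):
            if addr and not MAILBOX_RE.match(addr) and addr not in findings:
                findings.append(addr)
    return findings
```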

Exploitation of the vulnerability allows attackers to gain unauthorized access, escalate privileges, and compromise system security. Project Discovery reports that even unpatched versions of Zimbra offer partial protection against the attack, but small changes to the command syntax allow this protection to be bypassed.

According to Proofpoint, the same servers used to send the malicious emails are also involved in downloading and installing malware on compromised systems. Attackers attempt to create web shells on vulnerable Zimbra servers, which gives them the ability to execute commands and download files remotely.

Ivan Kwiatkowski, lead cyber threat researcher at HarfangLab, warned that mass attacks have already begun and strongly recommends that Zimbra users install updates immediately.

According to Zimbra's security advisory page, the vulnerability was discovered by graduate student Alan Lee of National Yang Ming Chiao Tung University in Taiwan. Although it has not yet been assigned an official severity rating, Project Discovery researchers have rated it as "critical" because of the serious security impact.

The National Vulnerability Database (NVD) has assigned the vulnerability a CVE identifier. However, because of the organization's heavy workload, the vulnerability analysis process is delayed. In February of this year, NVD said it needed time to "address issues in the NVD program and develop improved tools and methods". According to VulnCheck, by May, 93.4% of all vulnerabilities lacked enough information to ensure protection.

The National Institute of Standards and Technology (NIST), which manages the NVD, signed a contract with Analygence in May to speed up the processing of vulnerabilities. Despite the progress, 14.1% of new vulnerabilities still remain without a severity assessment, although NIST promised to complete the work by September 30.
