The US Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two flaws to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation.
The two high-severity issues are vulnerabilities in Zimbra Collaboration, and both can be chained to achieve unauthenticated remote code execution on affected email servers –
- CVE-2022-27925 (CVSS score: 7.2) – Remote code execution (RCE) via mboximport from authenticated user (fixed in versions 8.8.15 Patch 31 and 9.0.0 Patch 24 released in March)
- CVE-2022-37042 – Authentication bypass in MailboxImportServlet (fixed in versions 8.8.15 Patch 33 and 9.0.0 Patch 26 released in August)
Volexity explained that “it was possible to bypass authentication when accessing the same endpoint (mboximport) used by CVE-2022-27925,” and that the flaw “could be exploited without valid administrative credentials, thus making the vulnerability significantly more critical in severity.”
“CVE-2022-27925 was originally listed as an RCE exploit requiring authentication,” Volexity said. “When combined with a separate bug, however, it became an unauthenticated RCE exploit that made remote exploitation trivial.”
“If you are running a Zimbra version that is older than Zimbra 8.8.15 patch 33 or Zimbra 9.0.0 patch 26 you should update to the latest patch as soon as possible,” Zimbra warned earlier this week.