Zimbra warns of critical zero-day flaw actively exploited
Zimbra has warned of a critical zero-day security flaw in its email software that has been actively exploited in the wild. The vulnerability, assigned the CVE identifier CVE-2023-34192, could allow a remote authenticated attacker to execute arbitrary code via a crafted script sent to the /h/autoSaveDraft function.
The flaw was discovered and reported by Clément Lecigne of Google Threat Analysis Group. As the specifics of the exploit remain undisclosed, experts are concerned about its potential implications.
The vulnerability affects Zimbra Collaboration Suite (ZCS) v.8.8.15, which is used by a wide range of organizations, including government agencies, universities, and businesses. Zimbra has provided instructions on how to apply a manual fix to eliminate the attack vector, but it is recommended that users upgrade to a patched version of ZCS as soon as possible.
The disclosure of the Zimbra zero-day comes as Cisco has also released patches to remediate a critical flaw in its SD-WAN vManage software. The Cisco vulnerability, which has been assigned the CVE identifier CVE-2023-20214, could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance.
The two vulnerabilities highlight the importance of keeping software up to date and applying security patches as soon as they are available. By doing so, organizations can help to protect themselves from malicious actors who are constantly looking for ways to exploit vulnerabilities in software.
The manual fix that Zimbra has given administrators involves editing a single data file. Customers are urged to follow these steps to eliminate the attack vector until the official patch release scheduled for July.
The sources for this piece include an article in TheHackerNews.