Zimbra warns of critical zero-day flaw actively exploited

July 27, 2023 - TuxCare PR Team

Zimbra has warned of a critical zero-day security flaw in its email software that has been actively exploited in the wild. The vulnerability, which has been assigned the CVE identifier CVE-2023-34192, could allow a remote authenticated attacker to execute arbitrary code by sending a crafted script to the /h/autoSaveDraft function.

The flaw was discovered and reported by Clément Lecigne of Google Threat Analysis Group. As the specifics of the exploit remain undisclosed, experts are concerned about its potential implications.

The vulnerability affects Zimbra Collaboration Suite (ZCS) v.8.8.15, which is used by a wide range of organizations, including government agencies, universities, and businesses. Zimbra has provided instructions on how to apply a manual fix to eliminate the attack vector, but it is recommended that users upgrade to a patched version of ZCS as soon as possible.

The vulnerability in Zimbra Collaboration Suite v.8.8.15 is a cross-site scripting (XSS) flaw found in the /h/autoSaveDraft function. An attacker could take advantage of this flaw by sending a specially crafted email containing malicious JavaScript code. When the recipient opens the email, the malicious JavaScript code executes within the victim’s browser. This could potentially lead to the attacker gaining control over the victim’s computer.

The disclosure of the Zimbra zero-day comes as Cisco has also released patches to remediate a critical flaw in its SD-WAN vManage software. The Cisco vulnerability, which has been assigned the CVE identifier CVE-2023-20214, could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance.

The two vulnerabilities highlight the importance of keeping software up to date and applying security patches as soon as they are available. By doing so, organizations can help to protect themselves from malicious actors who are constantly looking for ways to exploit vulnerabilities in software.

To address the issue, Zimbra has provided administrators with instructions on manually applying the fix, involving the editing of a single data file. Customers are urged to follow these steps to eliminate the attack vector until the official patch release scheduled for July.

 

The sources for this piece include an article in TheHackerNews.
