Zimbra's CVE-2024-45519
-
Cyble Inc ☛ Zimbra RCE Vulnerability Under Active Attack. Patch Now.
Researchers were labeling the vulnerability in Zimbra’s postjournal SMTP parsing service as critical even before MITRE and NVD rated it.
A Proof of Concept (PoC) reported by ProjectDiscovery researchers demonstrated that the vulnerability could be exploited with specially crafted emails, and exploits began within a day of that.
The postjournal service is not enabled by default, but some researchers found the vulnerability nonetheless alarming.
-
Security Week ☛ Critical Zimbra Vulnerability Exploited One Day After PoC Release
The underlying issue, ProjectDiscovery explained, was the lack of sanitization of user-provided input, allowing attackers to craft SMTP messages to inject commands on the postjournal service.
While the service is disabled by default, attackers could exploit the flaw remotely on servers that have it enabled, if the attack originates from within an allowed network range.
-
Bruce Schneier ☛ Weird Zimbra Vulnerability
Hackers can execute commands on a remote computer by sending malformed emails to a Zimbra mail server. It’s critical, but difficult to exploit.
-
The Register UK ☛ Critical Zimbra RCE now mass-exploited, experts say
The remote code execution vulnerability (CVE-2024-45519) was disclosed on September 27, along with a proof of concept (PoC) exploit, and Proofpoint reports that attacks using it began the following day.
-
Ars Technica ☛ Attackers exploit critical Zimbra vulnerability using cc’d email addresses
The vulnerability, tracked as CVE-2024-45519, resides in the Zimbra email and collaboration server used by medium and large organizations. When an admin manually changes default settings to enable the postjournal service, attackers can execute commands by sending maliciously formed emails to an address hosted on the server. Zimbra recently patched the vulnerability. All Zimbra users should install it or, at a minimum, ensure that postjournal is disabled.