virus logo Intrusion Prevention

SMTP.RCPT.TO.Command.Injection

description-logoDescription

This indicates an attack attempt to exploit a Command Injection vulnerability in SMTP servers.
The vulnerability is due to insufficient validation of user-supplied inputs. A remote attacker can exploit this vulnerability by sending maliciously crafted SMTP RCPT TO commands to a vulnerable SMTP server. Successful exploitation could result in arbitrary command execution in the security context of the application.

description-logoOutbreak Alert

Threat Actors are exploiting a recently fixed RCE vulnerability in Zimbra email servers, which can be exploited just by sending specially crafted emails to the SMTP server.

View the full Outbreak Alert Report

affected-products-logoAffected Products

Zimbra Collaboration (ZCS) version 8.8.15 prior to Patch 46
Zimbra Collaboration (ZCS) version 9.0.0 versions prior to patch 41
Zimbra Collaboration (ZCS) versions prior to 10.1.1

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the latest patch to the vulnerable software.

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Status Detail
2024-12-02 29.913
Modified
 Sig Added
2024-10-30 28.893
Modified
 Default_action:pass:drop
2024-10-17 28.885
Modified
 Sig Added
2024-10-09 28.878
New
ID 56686
Created Oct 03, 2024
Updated Dec 02, 2024
CVE ID
Tags Zimbra Collaboration RCE Threat Signal
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon
Known Exploited Yes
Exploit Prediction Score 94.14%
Default Action drop
Active
Affected OS Windows, Linux, BSD, Solaris, MacOS
Affected App Other
Profile Type Code Injection