Outbreak AlertSynacor Zimbra Collaboration MBoxImport Vulnerabilities
Zimbra Collaboration aka (ZCS) Authentication Bypass in MailboxImportServlet functionality and Arbitrary File Upload Vulnerability.
Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files. By bypassing authentication, an attacker can upload arbitrary files to the system, leading to directory traversal and remote code execution. The vulnerability exists due to an incomplete fix for CVE-2022-27925. Learn More »
Common Vulnerabilities and Exposures
Background
Zimbra Collaboration is the trusted email and collaboration platform and productivity suite that includes contacts, calendar, tasks, chat and file sharing, etc. According to Zimbra's blog, the Collaboration software is used in more than 140 countries and over 1,000 government and financial institutions.
Threat Radar Overall Score:
 |
CVSS Rating | 9.0 |
 |
FortiRecon Score | 92/100 |
 |
Known Exploited | Yes |
 |
Exploit Prediction Score | 97.55% |
 |
FortiGuard Telemetry | 10756 |
Latest Development
Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.
8/10/2022: Zimbra blog posted
https://blog.zimbra.com/2022/08/authentication-bypass-in-mailboximportservlet-vulnerability/
8/16/2022: A joint cybersecurity advisory was issued by the Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC) on vulnerabilities in Zimbra Collaboration that is actively leveraged in the field by threat actors. The advisory covers five CVEs: CVE-2022-24682, CVE-2022-27924, CVE-2022-27925, CVE-2022-37042, and CVE-2022-30333. CISA advisory:
https://www.cisa.gov/uscert/ncas/alerts/aa22-228a
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
-
AV
-
AV (Pre-filter)
-
IPS
-
Web App Security
-
Outbreak Detection
-
Threat Hunting
-
Content Update
-
Assisted Response Services
-
Automated Response
-
NOC/SOC Training
-
End-User Training
-
Attack Surface Hardening
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.
Loading ...
Indicators of compromise
IOC Indicator List
| Indicator | Type | Status |
|---|---|---|
| 62.113.255.70 | ip | Active |
| 207.148.76.235 | ip | Active |
| 233bb85dbeba69231533408501697695a66b7790e751925... | file | Active |
| 25da610be6acecfd71bbe3a4e88c09f31ad07bdd252eb30... | file | Active |
| 3450d5a3c51711ae4a2bdb64a896d312ba638560aa00adb... | file | Active |
| 207.148.76.235:443 | ip | Inactive |
| 175.45.176.27 | ip | Active |
Indicators of compromise
IOC Threat Activity
Last 30 days
Chg
Avg 0
References
Sources of information in support and relation to this Outbreak and vendor.