Synacor Zimbra Collaboration Command Execution Vulnerability

What is the Vulnerability?

Attackers are actively exploiting CVE-2024-45519, a critical Zimbra vulnerability that allows attackers to execute arbitrary commands on vulnerable systems. CVE-2024-45519 is a vulnerability in the postjournal service used for recording email communications. This OS command injection flaw can be exploited without authentication and successful exploitation can lead to unauthorized access, privilege escalation, and potential compromise of the affected system's integrity and confidentiality.

Zimbra Collaboration (by Synacor) is a popular cloud-based collaboration software and email platform. The remote code execution vulnerability (CVE-2024-45519) in this software has publicly available a proof of concept (PoC) exploit.

What is the recommended Mitigation?

Zimbra has released a patch for CVE-2024-45519. Organizations that haven’t implemented the latest patch are advised to do so immediately. https://blog.zimbra.com/2024/10/zimbra-cve-2024-45519-vulnerability-stay-secure-by-updating/

What FortiGuard Coverage is available?

• FortiGuard Labs team has added an IPS protection "SMTP.RCPT.TO.Command.Injection" to detect and block any attempts targeting the vulnerable systems.

• FortiGuard recommends users to apply the fix provided by the vendor. 

• The FortiGuard Incident Response team can be engaged to help with any suspected compromise.