CVE-2024-45519 is a critical Remote Code Execution (RCE) vulnerability in the Zimbra postjournal service, which is currently under active exploitation. Users are strongly advised to update their systems immediately, as a Proof of Concept (PoC) has demonstrated that the vulnerability can be exploited via specially crafted emails. Cyble sensors have detected over 90,000 Zimbra instances exposed on the internet with previous unpatched vulnerabilities, making rapid intervention by all Zimbra customers critical.
| Product | Zimbra imapd |
| Date | 2024-10-02 13:55:44 |
| Information |
|
Technical Summary
A critical Remote Code Execution vulnerability has been identified in versions of the Zimbra Collaboration Suite. This flaw is currently being actively exploited, allowing attackers to gain unauthorized access, execute arbitrary commands, and potentially escalate privileges. A successful exploit could compromise the integrity and confidentiality of affected systems, leading to full control of the target environment.
Recommendations
Immediate Patching: Zimbra administrators must update to the patched versions that add input sanitization and replace
popenwithexecvpto mitigate the direct command injection vulnerability. Patched versions include: – 9.0.0 Patch 41 – 10.0.9 – 10.1.1 – 8.8.15 Patch 46Configuration Verification: Administrators should verify the configuration of the
mynetworksparameter to prevent external exploitation of the vulnerability.Malicious Activity Monitoring: Monitor for suspicious emails and exploit attempts, particularly those originating from known sources such as the IP address
79.124.49[.]86.
[Callforaction-THREAT-Footer]
