CISA adds recently disclosed Zimbra bug to its Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities Catalog to include a recently disclosed zero-day flaw in the Zimbra email platform, citing evidence of active exploitation in the wild.

Tracked as CVE-2022-24682 (CVSS score: 6.1), the issue is a cross-site scripting (XSS) vulnerability in the Calendar feature of Zimbra Collaboration Suite. An attacker can abuse it to run arbitrary JavaScript in the context of a victim's Zimbra session simply by getting the user to click an attacker-crafted link, typically delivered in a phishing message.

The Known Exploited Vulnerabilities Catalog is a repository of security flaws that have been observed being exploited by threat actors in real attacks and that Federal Civilian Executive Branch (FCEB) agencies are required to remediate by the due date listed for each entry.
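For teams that track KEV additions against their own asset inventory, the catalog is also published as a JSON feed. The following is an added example (not code from CISA, Zimbra or Volexity) that loads a catalog in that shape, looks up an entry by CVE or by vendor, and works out where it stands against the remediation deadline. The embedded two-entry catalog is a constructed sample: the field names follow the real feed, but the dates and descriptions are illustrative, and the helper names (`load_kev`, `find_by_cve`, `entries_for_product`, `remediation_status`, `overdue_cves`) are this example's own.

```python
"""Triage helpers for a CISA Known Exploited Vulnerabilities (KEV) style catalog.

Added example, not CISA's, Zimbra's or Volexity's code. SAMPLE_KEV_JSON is a
constructed two-entry sample laid out like CISA's KEV JSON feed; the field
names match the feed, the dates and text are illustrative only.
"""
from __future__ import annotations

import json
from datetime import date

SAMPLE_KEV_JSON = """
{
  "title": "CISA Catalog of Known Exploited Vulnerabilities",
  "catalogVersion": "2022.02.25",
  "dateReleased": "2022-02-25T00:00:00.0000Z",
  "count": 2,
  "vulnerabilities": [
    {
      "cveID": "CVE-2022-24682",
      "vendorProject": "Zimbra",
      "product": "Collaboration Suite",
      "vulnerabilityName": "Zimbra Collaboration Suite Cross-Site Scripting Vulnerability",
      "dateAdded": "2022-02-25",
      "shortDescription": "Constructed sample: XSS in the Calendar feature, exploited via a link in a phishing message.",
      "requiredAction": "Apply updates per vendor instructions.",
      "dueDate": "2022-03-11",
      "notes": ""
    },
    {
      "cveID": "CVE-2021-44228",
      "vendorProject": "Apache",
      "product": "Log4j2",
      "vulnerabilityName": "Apache Log4j2 Remote Code Execution Vulnerability",
      "dateAdded": "2021-12-10",
      "shortDescription": "Constructed sample: JNDI lookup leads to remote code execution.",
      "requiredAction": "Apply updates per vendor instructions.",
      "dueDate": "2021-12-24",
      "notes": ""
    }
  ]
}
"""


def load_kev(text: str) -> list[dict]:
    """Parse a KEV-shaped catalog and return its vulnerability entries.

    The feed carries a top-level "count"; a mismatch with the number of
    entries usually means a truncated download, so fail loudly on it.
    """
    catalog = json.loads(text)
    entries = catalog["vulnerabilities"]
    if "count" in catalog and catalog["count"] != len(entries):
        raise ValueError(
            f"catalog count {catalog['count']} != {len(entries)} entries (truncated feed?)"
        )
    return entries


def find_by_cve(entries: list[dict], cve_id: str) -> dict | None:
    """Return the entry for a CVE identifier (case-insensitive), or None."""
    wanted = cve_id.strip().upper()
    return next((e for e in entries if e["cveID"].upper() == wanted), None)


def entries_for_product(entries: list[dict], vendor: str, product: str | None = None) -> list[dict]:
    """All entries for a vendor, optionally narrowed by a product substring."""
    vendor = vendor.lower()
    return [
        e for e in entries
        if e["vendorProject"].lower() == vendor
        and (product is None or product.lower() in e["product"].lower())
    ]


def remediation_status(entry: dict, today: date) -> dict:
    """Deadline arithmetic for one entry as of `today` (dates are ISO YYYY-MM-DD)."""
    added = date.fromisoformat(entry["dateAdded"])
    due = date.fromisoformat(entry["dueDate"])
    remaining = (due - today).days
    return {
        "cveID": entry["cveID"],
        "dateAdded": added,
        "dueDate": due,
        "window_days": (due - added).days,   # length of the remediation window
        "days_remaining": remaining,          # negative once the deadline has passed
        "overdue": remaining < 0,
    }


def overdue_cves(entries: list[dict], today: date) -> list[str]:
    """Sorted CVE IDs whose due date has already passed as of `today`."""
    return sorted(e["cveID"] for e in entries if remediation_status(e, today)["overdue"])


if __name__ == "__main__":
    kev = load_kev(SAMPLE_KEV_JSON)
    for entry in entries_for_product(kev, "Zimbra"):
        print(remediation_status(entry, date.today()))
    print("overdue:", overdue_cves(kev, date.today()))
```

Against the live feed you would replace `SAMPLE_KEV_JSON` with the downloaded catalog; the `count` check in `load_kev` is there because a partially fetched feed otherwise parses cleanly and silently drops entries.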

The vulnerability came to light on February 3, 2022, when cybersecurity firm Volexity identified a series of targeted spear-phishing campaigns aimed at European government and media entities that leveraged the flaw to gain unauthorized access to victims' mailboxes and plant malware.

Volexity is tracking the actor under the moniker "TEMP_HERETIC"; the observed attacks targeted the open-source edition of Zimbra running version 8.8.15. Zimbra has since pushed out a hotfix (version 8.8.15 P30) to remediate the flaw.
