Critical Zimbra Postjournal flaw CVE-2024-45519 actively exploited in the wild.

Threat actors attempt to exploit recently disclosed vulnerability CVE-2024-45519 in Synacor’s Zimbra Collaboration.

Proofpoint cybersecurity researchers reported that threat actors are attempting to exploit a recently disclosed vulnerability, tracked as CVE-2024-45519, in Synacor’s Zimbra Collaboration. The vulnerability CVE-2024-45519 is a remote code execution vulnerability in Zimbra mail servers that was discovered by the security researcher lebr0nli (Alan Li).

“Beginning on September 28, @Proofpoint began observing attempts to exploit CVE-2024-45519, a remote code execution vulnerability in Zimbra mail servers.”

“Zimbra, a widely used email and collaboration platform, recently released a critical security update addressing a severe vulnerability in its postjournal service. This vulnerability, identified as CVE-2024-45519, allows unauthenticated attackers to execute arbitrary commands on affected Zimbra installations.” reads a blog post published by Project Discovery.

Threat actors started exploring the vulnerability after the cybersecurity firm Project Discovery released technical details of the vulnerability and PoC exploit code. Starting on September 28, 2024, threat actors have been attempting to exploit the issue to achieve remote code execution on vulnerable instances. The emails spoofing Gmail were sent to bogus addresses in the CC fields in an attempt for Zimbra servers to parse and execute them as commands.

This Cyber News was published on securityaffairs.com. Publication date: Wed, 02 Oct 2024 10:43:07 +0000