-
Notifications
You must be signed in to change notification settings - Fork 47
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #848 from DIVD-NL/DIVD-2024-00040
Open Case DIVD-2024-00040
- Loading branch information
Showing
1 changed file
with
55 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,55 @@ | ||
| --- | ||
| layout: case | ||
| title: "Zimbra Collaboration (ZCS) vulnerable for RCE under specific conditions" | ||
| author: Oscar Vlugt | ||
| lead: Oscar Vlugt | ||
| excerpt: "The postjournal in Zimbra Collaboration (ZCS) sometimes allows unauthenticated users to execute commands" | ||
| researchers: | ||
| - Alwin Warringa | ||
| - Max van der Horst | ||
| - Stan Plasmeijer | ||
| cves: | ||
| - CVE-2024-45519 | ||
| product: | ||
| - Zimbra Collaboration (ZCS) | ||
| versions: | ||
| - Version 8 before 8.8.15 patch 46 | ||
| - Version 9 before 9.0.0 patch 41 | ||
| - Version 10 before 10.0.9 | ||
| - Version 10.1 before 10.1.1 | ||
| recommendation: "Update to non vulnerable versions" | ||
| workaround: "None" | ||
| patch_status: Patch available | ||
| status : Open | ||
| start: 2024-09-25 | ||
| timeline: | ||
| - start: 2024-09-25 | ||
| end: | ||
| event: "DIVD starts researching the vulnerability." | ||
| - start: 2024-10-06 | ||
| end: | ||
| event: "DIVD finds fingerprint, preparing to scan." | ||
| - start: 2024-10-08 | ||
| end: | ||
| event: "Case opened and starting first scan." | ||
| --- | ||
|
|
||
| ## Summary | ||
| Zimbra, a widely used email and collaboration platform, recently released a critical security update addressing a severe vulnerability in its postjournal service. The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands. | ||
|
|
||
| ## Recommendations | ||
|
|
||
| To remediate CVE-2024-45519 apply the updates listed at the Zimbra Security Center. You can find a link to the Zimbra Security Center at the bottom of this post. | ||
|
|
||
| ## What we are doing | ||
|
|
||
| DIVD is currently working to identify parties that are running a vulnerable version of Zimbra Collaboration (ZCS) and to notify these parties. We do this by looking at the version numbers if possible. Although our fingerprinting cannot confirm if instances are vulnerable under the specific conditions, we want to issue a warning that parties should upgrade or patch if their instance falls within the specified vulnerable versions. | ||
|
|
||
| {% include timeline.html %} | ||
|
|
||
| ## More information | ||
|
|
||
| * {% cve CVE-2024-45519 %} | ||
| * [National Vulnerability Database for CVE-2024-45519](https://nvd.nist.gov/vuln/detail/CVE-2024-45519) | ||
| * [Zimbra Security Center](https://wiki.zimbra.com/wiki/Security_Center) | ||
| * [Project Discovery analysis](https://blog.projectdiscovery.io/zimbra-remote-code-execution/) |