CISA adds recently disclosed Zimbra bug to its Exploited Vulnerabilities Catalog


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities Catalog to include a recently disclosed zero-day flaw in the Zimbra email platform, citing evidence of active exploitation in the wild.

Tracked as CVE-2022-24682 (CVSS score: 6.1), the issue is a cross-site scripting (XSS) vulnerability in the Calendar feature of Zimbra Collaboration Suite. An attacker can abuse it to run arbitrary JavaScript code in a user's browser simply by getting the victim to click an exploit URL embedded in a phishing message.

The Known Exploited Vulnerabilities Catalog is a repository of security flaws that have been observed being abused by threat actors in real attacks and that Federal Civilian Executive Branch (FCEB) agencies are required to patch by a set due date.

The vulnerability came to light on February 3, 2022, when cybersecurity firm Volexity identified a series of targeted spear-phishing campaigns aimed at European government and media entities that leveraged the flaw to gain unauthorized access to victims' mailboxes and plant malware.

Volexity is tracking the actor under the moniker “TEMP_HERETIC,” with the attacks impacting the open-source edition of Zimbra running version 8.8.15. Zimbra has since pushed out a hotfix (version 8.8.15 P30) to remediate the flaw.

Due to the potential impact of this vulnerability, CISA has given federal agencies until March 11, 2022, to apply the security updates. In addition to CVE-2022-24682, CISA has also added the following three vulnerabilities to the catalog:

  • CVE-2017-8570 (CVSS score: 7.8) – Microsoft Office Remote Code Execution Vulnerability
  • CVE-2017-0222 (CVSS score: 7.5) – Microsoft Internet Explorer Memory Corruption Vulnerability
  • CVE-2014-6352 (CVSS score: N/A) – Microsoft Windows Code Injection Vulnerability
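The practical use of a KEV listing for a defender is cross-referencing it against what a vulnerability scanner reports and flagging anything that is past, or close to, CISA's due date. The script below is an added example, not part of this article or of CISA's tooling. It parses a constructed JSON snippet shaped like CISA's published KEV feed (the field names `vulnerabilities`, `cveID`, `vendorProject`, `product`, `vulnerabilityName`, `dueDate` and `requiredAction` are an assumption about that feed's schema), then triages a list of scanner findings. Only the Zimbra entry and its March 11, 2022 due date come from the article; the second catalog entry is a labelled placeholder.

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed. The schema is an
# assumption; CVE-2022-24682 and its 2022-03-11 due date are from the article,
# the second entry is a placeholder used only to show the "overdue" path.
SAMPLE_KEV_JSON = """
{
  "title": "CISA Catalog of Known Exploited Vulnerabilities (constructed sample)",
  "vulnerabilities": [
    {
      "cveID": "CVE-2022-24682",
      "vendorProject": "Zimbra",
      "product": "Collaboration Suite",
      "vulnerabilityName": "Zimbra Collaboration Suite Cross-Site Scripting Vulnerability",
      "dueDate": "2022-03-11",
      "requiredAction": "Apply updates per vendor instructions."
    },
    {
      "cveID": "CVE-1900-00001",
      "vendorProject": "PLACEHOLDER-VENDOR",
      "product": "PLACEHOLDER-PRODUCT",
      "vulnerabilityName": "Placeholder entry (constructed, not a real CVE)",
      "dueDate": "2022-02-28",
      "requiredAction": "Apply updates per vendor instructions."
    }
  ]
}
"""


def load_kev(feed_text):
    """Parse a KEV-style feed and index its entries by CVE identifier."""
    feed = json.loads(feed_text)
    return {entry["cveID"]: entry for entry in feed["vulnerabilities"]}


def kev_triage(scanner_cves, kev_index, today_iso):
    """Cross-reference scanner findings with the KEV index.

    Returns a list of (cve, status, days_until_due) tuples sorted so that
    overdue items come first, then items by nearest due date, then CVEs that
    are not in the catalog (days_until_due is None for those).
    """
    today = date.fromisoformat(today_iso)
    report = []
    for cve in scanner_cves:
        entry = kev_index.get(cve)
        if entry is None:
            report.append((cve, "not in KEV", None))
            continue
        due = date.fromisoformat(entry["dueDate"])
        days_left = (due - today).days
        status = "OVERDUE" if days_left < 0 else "due"
        report.append((cve, status, days_left))
    # Items without a due date (not in KEV) sort last; the rest by urgency.
    report.sort(key=lambda row: (row[2] is None, row[2] if row[2] is not None else 0))
    return report


if __name__ == "__main__":
    # Constructed scanner output: the article's Zimbra CVE, one of the other
    # CVEs named in the article (absent from the sample feed), and the placeholder.
    findings = ["CVE-2017-8570", "CVE-2022-24682", "CVE-1900-00001"]
    for cve, status, days in kev_triage(findings, load_kev(SAMPLE_KEV_JSON), "2022-03-01"):
        print(f"{cve:16} {status:10} {'' if days is None else f'{days:+d} days'}")
```

In production the feed text would be fetched from CISA's published JSON rather than embedded, and the scanner list would come from whatever asset inventory or vulnerability management system is in use; the triage logic is the same. A CVE reported by the scanner but absent from KEV is not safe, it simply has no federal due date attached, so it still belongs in the normal patch queue.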