Activity Feed

cbeek-r7 reported CVE-2023-25280 as Exploited in the Wild

October 10, 2024 9:19am UTC (1 week ago)

Indicated source as

Government or Industry Alert (https://www.cisa.gov/news-events/alerts/2024/09/30/cisa-adds-four-known-exploited-vulnerabilities-catalog)

cbeek-r7 reported CVE-2024-43573 as Exploited in the Wild

October 10, 2024 9:16am UTC (1 week ago)

Indicated source as

Government or Industry Alert (https://www.cisa.gov/news-events/alerts/2024/10/08/cisa-adds-three-known-exploited-vulnerabilities-catalog)

cbeek-r7 reported CVE-2024-43572 as Exploited in the Wild

October 10, 2024 9:15am UTC (1 week ago)

Indicated source as

Government or Industry Alert (https://www.cisa.gov/news-events/alerts/2024/10/08/cisa-adds-three-known-exploited-vulnerabilities-catalog)

cbeek-r7 reported CVE-2024-43047 as Exploited in the Wild

October 10, 2024 9:14am UTC (1 week ago)

Indicated source as

Government or Industry Alert (https://www.cisa.gov/news-events/alerts/2024/10/08/cisa-adds-three-known-exploited-vulnerabilities-catalog)

cbeek-r7 reported CVE-2024-9380 as Exploited in the Wild

October 10, 2024 9:12am UTC (1 week ago)

Indicated source as

Government or Industry Alert (https://www.cisa.gov/news-events/alerts/2024/10/09/cisa-adds-three-known-exploited-vulnerabilities-catalog)

cbeek-r7 reported CVE-2024-9379 as Exploited in the Wild

October 10, 2024 9:11am UTC (1 week ago)

Indicated source as

Government or Industry Alert (https://www.cisa.gov/news-events/alerts/2024/10/09/cisa-adds-three-known-exploited-vulnerabilities-catalog)

cbeek-r7 reported CVE-2024-23113 as Exploited in the Wild

October 10, 2024 9:10am UTC (1 week ago)

Indicated source as

Government or Industry Alert (https://www.cisa.gov/news-events/alerts/2024/10/09/cisa-adds-three-known-exploited-vulnerabilities-catalog)

cwyre-r7 reported CVE-2024-45519 as Exploited in the Wild

October 03, 2024 7:23pm UTC (2 weeks ago)

Indicated source as

Government or Industry Alert (https://www.cisa.gov/news-events/alerts/2024/10/03/cisa-adds-one-known-exploited-vulnerability-catalog)

ccondon-r7 reported CVE-2024-29824 as Exploited in the Wild

October 03, 2024 2:20pm UTC (2 weeks ago)

Indicated source as

Vendor Advisory (https://forums.ivanti.com/s/article/Security-Advisory-May-2024?language=en_US)

2

ccondon-r7 assessed CVE-2024-45519

October 02, 2024 7:58pm UTC (2 weeks ago)•Edited 2 weeks ago

Ratings

Attacker Value

Medium

Easy to weaponize Unauthenticated Vulnerable in uncommon configuration

Technical Analysis

This is one of a list of vulnerabilities disclosed in Synacor’s Zimbra Collaboration Suite recently — this particular issue lies in Zimbra’s postjournal service and evidently allows for unauthenticated command execution. Multiple sources are reporting either attempted or successful exploitation along with insights on post-exploitation behavior.

One of the technical staff on Zimbra commented to HelpNetSecurity that the postjournal service “may be optional or not enabled on most systems,” which probably means a lower exploitable target population. Zimbra has historically been a target for both APT and commodity attackers, so for orgs that run this software, it’s a good idea to patch up (and/or verify the vulnerable service isn’t enabled).

Scoring this as a Medium for attacker value as of now since 1) attackers like Zimbra and are into whatever lets ‘em read emails (particularly from gov servers!); and 2) this config doesn’t seem to be the default, and some of the public write-ups do mention misses on getting exploits working.

More references:

Zimbra advisory page
Root cause analysis and PoC (Project Discovery)
Additional context (Bleeping Computer)

Other Zimbra CVE analysis in AttackerKB: