
Warning - an unauthenticated attacker could gain access to a Zimbra account.

Reference: 
Advisory #2023-0102
Version: 
1.0
Affected software: 
Zimbra Collaboration software prior to 10.0.3
Zimbra Collaboration software prior to 9.0.0 Patch 35
Zimbra Collaboration software prior to 8.8.15 Patch 42
Type: 
Information Disclosure
CVE/CVSS: 
CVE-2023-41106
CVSS score: 8.8
CVSS v2 vector (as listed): AV:N/AC:M/Au:N/C:P/I:N/A:N

Sources

https://blog.zimbra.com/2023/08/zimbra-security-update/
https://nvd.nist.gov/vuln/detail/CVE-2023-41106

Risks

A one-click security vulnerability has been discovered in all versions of Zimbra Collaboration prior to the patched releases listed above. It could allow an unauthenticated attacker to gain access to a Zimbra account after a single click by the targeted user. An attacker could leverage that access for malicious purposes, which poses a significant threat to the confidentiality and integrity of the compromised user's data and mailbox.

Description

Zimbra Collaboration, formerly known as the Zimbra Collaboration Suite (ZCS), is a collaborative software suite that includes an email server and a web client.

CVE-2023-41106 can be exploited by sending a malicious link to a Zimbra user. When the user clicks on the link, they are tricked into providing their Zimbra credentials, which the attacker can then use to access their account. This access could be leveraged for impersonating the affected user, reading or sending mail on their behalf, lateral movement, and similar follow-on activity.

The vendor indicated that this vulnerability was reported by a security researcher. The vendor did not indicate that the vulnerability is publicly exploited. Future exploitation is to be expected.

Recommended Actions

The Centre for Cyber Security Belgium strongly recommends that system administrators take the following actions:

User awareness
This vulnerability requires user interaction. Please ensure your staff members are able to identify likely malicious links and know how to report these within your organization.

Patch
To fix this vulnerability, install the latest Zimbra patch (using apt or yum). The vulnerability is fixed in:

  • 10.0.3 Daffodil
  • 9.0.0 Kepler Patch 35
  • 8.8.15 Joule Patch 42

In case you are unable to install the latest patch, you can obtain manual mitigation steps via Zimbra Support.
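The version check below is an added example for this advisory and is not code from the CCB or from Zimbra. It decides whether an installed release is still affected by comparing the release line and patch level against the three fixed versions listed above. It assumes that `zmcontrol -v` (run as the zimbra user) prints a line of the form "Release 8.8.15.GA.3869.UBUNTU18.64 UBUNTU18_64 FOSS edition, Patch 8.8.15_P30."; the build numbers and the sample outputs in the block are constructed for illustration.

```python
import re

# Fixed versions from the advisory, keyed by release line, as
# (major, minor, micro, patch). A release line the advisory does not
# mention is reported as "not covered" rather than guessed at.
FIXED_VERSIONS = {
    "10.0": (10, 0, 3, 0),   # 10.0.3 Daffodil
    "9.0": (9, 0, 0, 35),    # 9.0.0 Kepler Patch 35
    "8.8": (8, 8, 15, 42),   # 8.8.15 Joule Patch 42
}

# Assumed output format of `zmcontrol -v`. The "Patch X.Y.Z_PNN" suffix is
# only present once a patch has been applied; an unpatched GA build has none.
RELEASE_RE = re.compile(r"Release\s+(\d+)\.(\d+)\.(\d+)")
PATCH_RE = re.compile(r"Patch\s+\d+\.\d+\.\d+_P(\d+)")


def parse_version(zmcontrol_output):
    """Return (major, minor, micro, patch) parsed from zmcontrol -v output."""
    m = RELEASE_RE.search(zmcontrol_output)
    if m is None:
        raise ValueError("no 'Release a.b.c' string found in zmcontrol output")
    major, minor, micro = (int(x) for x in m.groups())
    p = PATCH_RE.search(zmcontrol_output)
    patch = int(p.group(1)) if p else 0
    return (major, minor, micro, patch)


def is_vulnerable(version):
    """True if the version predates the fix for its release line,
    False if it is at or beyond the fix, None if the line is not covered."""
    major, minor, _micro, _patch = version
    fixed = FIXED_VERSIONS.get(f"{major}.{minor}")
    if fixed is None:
        return None
    # Tuple comparison orders by major, minor, micro, then patch level, so
    # 8.8.14 (no patch) sorts below 8.8.15 P42 and 8.8.15 P30 below P42.
    return version < fixed


def assess(zmcontrol_output):
    """One-word verdict for a host: 'vulnerable', 'patched' or 'not covered'."""
    status = is_vulnerable(parse_version(zmcontrol_output))
    if status is None:
        return "not covered"
    return "vulnerable" if status else "patched"


# Constructed sample outputs standing in for `su - zimbra -c 'zmcontrol -v'`
# on several hosts (build numbers are illustrative, not real releases).
SAMPLE_HOSTS = {
    "mail1": "Release 8.8.15.GA.3869.UBUNTU18.64 UBUNTU18_64 FOSS edition, Patch 8.8.15_P30.",
    "mail2": "Release 8.8.15.GA.3869.UBUNTU18.64 UBUNTU18_64 FOSS edition, Patch 8.8.15_P42.",
    "mail3": "Release 9.0.0.GA.3924.UBUNTU20.64 UBUNTU20_64 FOSS edition, Patch 9.0.0_P34.",
    "mail4": "Release 10.0.2.GA.4414.UBUNTU20.64 UBUNTU20_64 FOSS edition.",
    "mail5": "Release 10.0.3.GA.4415.UBUNTU20.64 UBUNTU20_64 FOSS edition.",
}


def assess_fleet(hosts):
    """Map host name -> verdict for a dict of zmcontrol outputs."""
    return {name: assess(output) for name, output in hosts.items()}


if __name__ == "__main__":
    for name, verdict in assess_fleet(SAMPLE_HOSTS).items():
        print(f"{name}: {verdict}")
```

On a real host, feed the actual `zmcontrol -v` output into `assess()`; a "not covered" result means the release line is outside the three listed in this advisory and should be checked against the Zimbra security advisories page rather than assumed safe.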

Monitor/detect
The CCB recommends that organizations scale up their monitoring and detection capabilities to catch any related suspicious activity, such as account logins from unexpected locations or mail-forwarding rules created shortly after a user reports a suspicious link, ensuring a fast response in case of an intrusion.

References

https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
https://www.safeonweb.be/en/help-i-clicked-fake-link