Warning - an unauthenticated attacker could gain access to a Zimbra account.
CVSS score: 8.8
A one-click security vulnerability in all versions of Zimbra Collaboration has been discovered that could allow an unauthenticated attacker to gain access to a Zimbra account. An attacker could leverage this access for malicious purposes. This poses a significant threat to the integrity of the compromised user's data.
Zimbra Collaboration, formerly known as the Zimbra Collaboration Suite (ZCS), is a collaborative software suite that includes an email server and a web client.
CVE-2023-41106 can be exploited by sending a malicious link to a Zimbra user. When the user clicks on the link, they will be tricked into providing their Zimbra credentials, which the attacker can then use to access their account. This information could be leveraged for impersonating the involved user, lateral movement, ...
The vendor indicated this vulnerability was reported by a security researcher. The vendor has not indicated that this vulnerability is being publicly exploited. Future exploitation is to be expected.
The Centre for Cyber Security Belgium strongly recommends that system administrators take the following actions:
This vulnerability requires user interaction. Please ensure your staff members are able to identify likely malicious links and know how to report these within your organization.
To fix this vulnerability, install the latest Zimbra patch (using apt or yum). The vulnerability is fixed in:
- 10.0.3 Daffodil
- 9.0.0 Kepler Patch 35
- 8.8.15 Joule Patch 42
In case you are unable to install the latest patch, you can obtain manual mitigation steps via Zimbra Support.
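To verify that a server is at or above the fixed versions listed above, the following added example (not part of the advisory or of Zimbra's own tooling) parses the version string printed by `zmcontrol -v` and compares it against the fixed release for the server's branch. The output format it expects ("Release X.Y.Z_GA_... , Patch X.Y.Z_PNN.") is an assumption about current Zimbra builds, and the sample strings are constructed.

```python
import re

# Fixed versions from the advisory (CVE-2023-41106), keyed by release branch.
# 9.0.0 and 8.8.15 are fixed at a patch level; the 10.x line is fixed at a point release.
FIXED_PATCH_LEVEL = {"9.0.0": 35, "8.8.15": 42}
FIXED_10X_RELEASE = (10, 0, 3)

# Assumed `zmcontrol -v` layout: "Release 9.0.0_GA_4406.UBUNTU18_64_... , Patch 9.0.0_P35."
RELEASE_RE = re.compile(r"Release\s+(\d+)[._](\d+)[._](\d+)")
PATCH_RE = re.compile(r"Patch\s+(\d+\.\d+\.\d+)_P(\d+)")


def is_patched(zmcontrol_output: str) -> bool:
    """Return True when the reported build is at or above the advisory's fixed version."""
    m = RELEASE_RE.search(zmcontrol_output)
    if not m:
        raise ValueError("could not find a 'Release' version in zmcontrol output")
    major, minor, point = (int(x) for x in m.groups())
    release = f"{major}.{minor}.{point}"

    # 10.x (and anything newer): a plain version comparison against 10.0.3.
    if (major, minor) >= (10, 0):
        return (major, minor, point) >= FIXED_10X_RELEASE

    # 9.0.0 / 8.8.15: the fix is a numbered patch on top of the GA release.
    if release in FIXED_PATCH_LEVEL:
        p = PATCH_RE.search(zmcontrol_output)
        # No patch line, or a patch line for a different release, means patch level 0.
        level = int(p.group(2)) if p and p.group(1) == release else 0
        return level >= FIXED_PATCH_LEVEL[release]

    # Older branches: the advisory lists no fixed version for them, so treat as unpatched.
    return False


if __name__ == "__main__":
    # Constructed sample lines, not real server output.
    samples = [
        "Release 9.0.0_GA_4406.UBUNTU18_64_20210810164311 UBUNTU18_64 FOSS edition, Patch 9.0.0_P35.",
        "Release 9.0.0_GA_4406.UBUNTU18_64_20210810164311 UBUNTU18_64 FOSS edition, Patch 9.0.0_P34.",
        "Release 8.8.15_GA_4179.RHEL7_64_20211118033954 RHEL7_64 FOSS edition, Patch 8.8.15_P42.",
        "Release 10.0.2.GA.4403.UBUNTU20.64 UBUNTU20_64 FOSS edition.",
    ]
    for line in samples:
        print("patched" if is_patched(line) else "VULNERABLE", "-", line)
```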
The CCB recommends that organizations scale up their monitoring and detection capabilities, detect any related suspicious activity, and ensure a fast response in case of an intrusion.