A new critical unauthorized access vulnerability impacting the Zimbra suite has been reported. It has been assigned the reference CVE-2024-45519 and a CVSS 3.1 score of 9.8. The Stormshield Customer Security Lab details our protection offerings.

Public proof-of-concept exploits exist for this vulnerability, which makes it easy for attackers to exploit.

 

Initial attack vector of the Zimbra vulnerability

The vulnerability allows an unauthenticated attacker to trigger remote code execution on the Zimbra server with a specially crafted email.

 

Technical details of the Zimbra vulnerability

The postjournal service does not sufficiently sanitize received data before it is interpreted by the execvp function. The attacker can use the recipient's email address field to store shell commands that will be executed by the server.

However, it should be noted that the postjournal service is not enabled in a default configuration.
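Because the injection point is the recipient address, SMTP command logs can be reviewed for RCPT TO values that carry shell metacharacters. The following is an added example, not Stormshield's smtp:client.18 signature and not Zimbra code; the "session command" log layout, the function names and the sample lines (with CMD as a placeholder) are assumptions constructed for illustration.

```python
import re

# Characters a shell treats specially; an ordinary mailbox name needs none of them.
SHELL_META = set("$`;|&<>(){}\\")

# Constructed sample: one SMTP client command per line, prefixed by a session id.
SAMPLE = """\
s1 MAIL FROM:<bob@example.test>
s1 RCPT TO:<alice@example.test>
s2 MAIL FROM:<x@example.test>
s2 RCPT TO:<"a$(CMD)"@example.test>
s3 RCPT TO:<carol+tag@example.test> NOTIFY=NEVER
s4 rcpt to:<`CMD`@example.test>
"""

def recipient_of(command):
    """Return the address argument of an RCPT TO command, or None for other commands."""
    m = re.match(r"\s*RCPT\s+TO:\s*(.*)$", command, re.IGNORECASE)
    if not m:
        return None
    arg = m.group(1).strip()
    if arg.startswith("<") and ">" in arg:
        # Keep what sits between the outer angle brackets; drop ESMTP parameters.
        return arg[1:arg.rindex(">")]
    return arg.split()[0] if arg else ""

def scan(transcript):
    """List (session, recipient, metacharacters) for every suspicious RCPT TO."""
    hits = []
    for line in transcript.splitlines():
        session, _, command = line.partition(" ")
        rcpt = recipient_of(command)
        if rcpt is None:
            continue
        found = sorted(set(rcpt) & SHELL_META)
        if found:
            hits.append((session, rcpt, "".join(found)))
    return hits

if __name__ == "__main__":
    for session, rcpt, chars in scan(SAMPLE):
        print(f"{session}: recipient {rcpt!r} contains shell metacharacters {chars!r}")
```

A hit is a lead for triage on servers where postjournal is enabled, not proof of compromise.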

 

Attack modelling with MITRE ATT&CK

MITRE ATT&CK

  • T1190 (Exploit Public-Facing Application)

 

How to protect against the Zimbra vulnerability with Stormshield Network Security

Protection against CVE-2024-45519

Stormshield Network Security (SNS) firewalls detect and block exploitation of CVE-2024-45519 with the following pattern:

  • smtp:client.18 : Exploitation of a remote code execution vulnerability in Zimbra (CVE-2024-45519)

Confidence index for the protection offered by Stormshield

Confidence index for the absence of false positives

Recommendations regarding the Zimbra vulnerability

It is strongly recommended to update the Zimbra suite to one of the following versions:

  • 8.15 patch 46
  • 0.0 patch 41
  • 0.9
  • 1.1

Need more information about Stormshield protection? The Technical Support teams are at your disposal to help you. Contact them through the incident manager located in the MyStormshield private area. To access it, select the menu "Technical Support / Report an incident / Track an incident".
Stormshield's Cyber Threat Intelligence team has two primary missions: to study cyber threats to understand them and to continuously improve Stormshield product protections. All with the goal of contributing to the cybersecurity community's effort to address cyber threats.