Synacor Zimbra Collaboration Suite (ZCS) Command Injection Vulnerability
Synacor Zimbra Collaboration Suite (ZCS) allows an attacker to inject memcache commands into a targeted instance which causes an overwrite of arbitrary cached entries.
A remote attacker, without authentication, can achieve partial data exposure, arbitrary modification of data. CISA has confirmed use of this vulnerability in known ransomware campaigns — treat as high priority for remediation. Federal agencies are required to remediate by 2022-08-25 under CISA BOD 22-01.
This is a Software Vulnerability (CWE-74) (CWE-74) vulnerability in Synacor Zimbra Collaboration Suite (ZCS). Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance. These memcache commands becomes unescaped, causing an overwrite of arbitrary cached entries. Exploitation requires remote network access, low attack complexity, no authentication required, and no user interaction required.
📧
Phishing link
🖼
Malicious file
🔓
Server compromised
Probably yes if any of these apply:
CISA confirms this CVE has been used in known ransomware campaigns. Added to the KEV catalog on 2022-08-04; federal agencies required to remediate by 2022-08-25.
Manual remediation steps
Apply the Vendor Patch
This vulnerability is in the CISA Known Exploited Vulnerabilities catalog — apply the vendor's security update as soon as possible.
CISA required action: Apply updates per vendor instructions.
References
No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.
References