IRONSMITHINTEL
HIGHCVSS7.5
|
Actively Exploited
|CISA KEV|CVE-2022-27924|Auth: none — unauthenticated|Reboot: required|Manual only

Synacor Zimbra Collaboration Suite (ZCS) Command Injection Vulnerability (CVE-2022-27924)

Synacor Zimbra Collaboration Suite (ZCS) allows an attacker to inject memcache commands into a targeted instance which causes an overwrite of arbitrary cached entries.

Published Apr 21, 2022 · Updated May 29, 2026
XLinkedIn
Why patchRisk explained in plain English
Worst-case scenarioIf unpatched

A remote attacker, without authentication, can achieve partial data exposure, arbitrary modification of data. CISA has confirmed use of this vulnerability in known ransomware campaigns — treat as high priority for remediation. Federal agencies are required to remediate by 2022-08-25 under CISA BOD 22-01.

How the attack worksNo clicks needed

This is a Software Vulnerability (CWE-74) (CWE-74) vulnerability in Synacor Zimbra Collaboration Suite (ZCS). Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance. These memcache commands becomes unescaped, causing an overwrite of arbitrary cached entries. Exploitation requires remote network access, low attack complexity, no authentication required, and no user interaction required.

📧

Phishing link

🖼

Malicious file

🔓

Server compromised

Am I affected?Quick check

Probably yes if any of these apply:

IT Security
Running zimbra collaboration suite: 8.8.15, 9.0.0
Real-world incidentsWhat we've seen

CISA confirms this CVE has been used in known ransomware campaigns. Added to the KEV catalog on 2022-08-04; federal agencies required to remediate by 2022-08-25.

How to patch

Get the fix

Apply the fixed package from your vendor. The advisory lists affected versions and the exact fixed build.

Vendor advisory

Manual remediation steps

Apply the Vendor Patch

This vulnerability is in the CISA Known Exploited Vulnerabilities catalog — apply the vendor's security update as soon as possible.

CISA required action: Apply updates per vendor instructions.

References

    1
    Vendor advisory: https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P24.1#Security_Fixes
    1
    NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2022-27924
    1
    CISA KEV: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-27924
PowerShell automationComing soon

No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.

Related vulnerabilities