Zimbra Issues Alert About Actively Exploited Critical Vulnerability in Email Software

Zimbra, the email software provider, has raised an alert about a severe zero-day vulnerability in its software that’s currently being exploited in real-world attacks.

According to its advisory, the company has identified a security flaw in Zimbra Collaboration Suite version 8.8.15 that could compromise the privacy and integrity of users’ data. Further details about the flaw are being withheld for now, but Zimbra says it has addressed the issue through input sanitization and will deliver a patch in its July update.

Meanwhile, Zimbra is advising its customers to manually apply a workaround to neutralize the threat. It involves backing up a specific file and updating a line of code within it. The Google Threat Analysis Group (TAG) discovered the flaw, identifying it as a cross-site scripting (XSS) vulnerability, and reported it as being leveraged in a targeted attack.

Concurrently, Cisco has rolled out patches to fix a serious vulnerability in its SD-WAN vManage software (CVE-2023-20214, CVSS score: 9.1). This flaw could permit an unauthenticated, remote attacker to obtain read or limited write permissions to an affected Cisco SD-WAN vManage configuration. The company has released fixes in various versions of the software and confirmed that it’s not aware of any malicious exploitation of the flaw.

The severe security flaw in Zimbra has been assigned the CVE identifier CVE-2023-34192 and has received a CVSS score of 9.0 out of a maximum of 10. The National Vulnerability Database (NVD) of NIST describes the flaw as a “Cross-Site Scripting vulnerability in Zimbra ZCS v.8.8.15,” allowing a remote authenticated attacker to execute arbitrary code via a specially crafted script.

Cybersecurity is a critical aspect for any organization in today’s digital era. At Info System Consultants, we are committed to keeping you safe from such threats. It’s time to reinforce your digital defenses. Contact us today to discuss a personalized security strategy for your organization. Stay informed, stay safe!
