Emergency maintenance Telephony platform (ASB7)
Emergency maintenance mShield
User changes ASB7
Telephony platform maintenance
Emergency maintenance Telephony platform
Active exploitation of Zimbra vulnerability
There are signals of active exploitation of a vulnerability in Zimbra Collaboration. This vulnerability is identified by attribute CVE-2024-45519 . Previously, researchers Proof-of-Concept code and an exploit is available. As a result, the vulnerability has been assessed as ' High/High '. This means that both the chance of misuse and the chance of damage are high.
What's the risk?
Sending a specially crafted email to a vulnerable server can execute arbitrary code on the Zimbra server, including placing a web shell. A web shell is a script that allows an attacker to remotely access the server or execute arbitrary code.
What can I do?
Zimbra Collaboration's parent company, Synacor, has released updates to fix the vulnerabilities. The Digital Trust Center (DTC) advises to provide Zimbra installations with the available security updates and, where possible, also set up monitoring for additional abuse. If necessary, ask your IT service provider to help you with this.