Attacks targeting Zimbra email servers impacted by the remote code execution vulnerability tracked as CVE-2024-45519 have been deployed by several threat actors, according to SC Media.
Exploitation of the flaw, which stems from Zimbra's faulty Postjournal SMTP request management, involved the delivery of malicious Gmail-spoofing emails with an automated script to fake addresses in the CC field. When opened, these emails could facilitate total system takeovers, a report from Proofpoint showed.
Further increasing the severity of the bug is its exploitability even without authentication, reported SOCRadar researchers.
"Anyone with access to the network where the postjournal service is running can exploit the vulnerability, leading to full control of the Zimbra server," said SOCRadar, which also noted reports of widespread targeting of vulnerable Zimbra instances. Such an issue should prompt immediate upgrades to the latest version of the Zimbra email server, as well as increased vigilance on unwanted emails and suspicious email links.
