A new high-severity vulnerability has been disclosed in the Zimbra email suite that, if successfully exploited, enables an unauthenticated attacker to steal cleartext passwords of users sans any user interaction.
“With the consequent access to the victims’ mailboxes, attackers can potentially escalate their access to targeted organizations and gain access to various internal services and steal highly sensitive information,” SonarSource said in a report shared with The Hacker News.
Tracked as CVE-2022-27924 (CVSS score: 7.5), the issue has been characterized as a case of “Memcached poisoning with unauthenticated request,” leading to a scenario where an adversary can inject malicious commands and siphon sensitive information.
This is made possible by poisoning the IMAP route cache entries in the Memcached server that’s used to look up Zimbra users and forward their HTTP requests to appropriate backend services.
Source: THN