Vulnerability Details: CVE-2022-27924
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance. These memcache commands become unescaped, causing an overwrite of arbitrary cached entries.
CVE-2022-27924 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name: Zimbra Collaboration (ZCS) Command Injection Vulnerability
CISA required action: Apply updates per vendor instructions.
CISA description: Zimbra Collaboration (ZCS) allows an attacker to inject memcache commands into a targeted instance which causes an overwrite of arbitrary cached entries.
Notes: https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P24.1#Security_Fixes
Added on: 2022-08-04
Action due date: 2022-08-25
Exploit prediction scoring system (EPSS) score for CVE-2022-27924
EPSS score: 9.67% (probability of exploitation activity in the next 30 days)
Percentile: ~94% (the proportion of vulnerabilities that are scored at or less)