The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) are publishing this joint Cybersecurity Advisory (CSA) in response to active exploitation of multiple Common Vulnerabilities and Exposures (CVEs) against Zimbra Collaboration Suite (ZCS), an enterprise cloud-hosted collaboration software and email platform. CVEs currently being exploited against ZCS include:
CVE-2022-24682
CVE-2022-27924
CVE-2022-27925 chained with CVE-2022-37042
CVE-2022-30333
Cyber threat actors may be targeting unpatched ZCS instances in both government and private sector networks.
Read more…
Source: U.S. Cybersecurity and Infrastructure Security Agency