CVE-2022-27924
Published: 21 April 2022
Summary
CVE-2022-27924 is a high-severity Injection (CWE-74) vulnerability in Synacor Zimbra Collaboration Suite. Its CVSS base score is 7.5 (High).
Operationally, it ranks in the top 0.4% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
Zimbra Collaboration (ZCS) versions 8.8.15 and 9.0 contain a vulnerability that permits injection of arbitrary memcache commands. The flaw stems from insufficient escaping of these commands, which allows an attacker to overwrite arbitrary entries in the cache. It carries a CVSS 3.1 score of 7.5 and is classified under CWE-74.
An unauthenticated remote attacker can send crafted requests that reach the memcache layer directly. Successful exploitation results in modification of cached data without any authentication or user interaction, affecting the integrity of the targeted Zimbra instance.
Zimbra has published security advisories and patched releases, including 9.0.0 P24, on its official wiki pages that detail the affected components and available updates. The current EPSS score of 0.9070 with a recorded peak of 0.9195 indicates sustained exploitation interest after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-32412
Vulnerability details
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance. These memcache commands become unescaped, causing an overwrite of arbitrary cached entries.
- CWE(s): CWE-74
- KEV Date Added: 04 August 2022
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Requires validation and sanitization of all input to block unescaped memcache command injection that overwrites cached entries.
Enforces access-control decisions so that unauthenticated network requests cannot reach or modify the memcache layer.
Enforces information-flow policies between external requests and internal cache stores, stopping unauthorized command injection.
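One way to apply the input-validation control above to memcached lookups, as an added example that is not Zimbra's code or its patch: the memcached text protocol separates tokens with spaces and ends a command at a line break, so a key is checked to be a single token before it is placed on the wire. The function names and the sample keys are constructed for illustration.

```python
"""Added example: keep a memcached key to exactly one text-protocol token."""

MAX_KEY_BYTES = 250  # key length limit in the memcached text protocol


class UnsafeKeyError(ValueError):
    """Raised when a key cannot be sent as a single memcached token."""


def validate_key(key: str) -> bytes:
    """Return the key as bytes, or raise if the server would parse it as more than a key."""
    raw = key.encode("utf-8")
    if not raw:
        raise UnsafeKeyError("empty key")
    if len(raw) > MAX_KEY_BYTES:
        raise UnsafeKeyError("key longer than 250 bytes")
    # A space starts a new token and CR/LF ends the command, so any control
    # character or space inside a key changes how the line is parsed.
    for b in raw:
        if b <= 0x20 or b == 0x7F:
            raise UnsafeKeyError(f"forbidden byte 0x{b:02x} in key")
    return raw


def build_get(key: str) -> bytes:
    """Hardened form: the key is validated before the command line is built."""
    return b"get " + validate_key(key) + b"\r\n"


def naive_get(key: str) -> bytes:
    """Unescaped form, shown for comparison only: the key is pasted in as-is."""
    return f"get {key}\r\n".encode("utf-8")


def count_commands(wire: bytes) -> int:
    """Count the command lines a text-protocol server would read from `wire`.

    Simplified for retrieval-style lines; storage commands also carry a data block.
    """
    return len([ln for ln in wire.split(b"\n") if ln.strip(b"\r")])


if __name__ == "__main__":
    constructed = "alice@example.test\r\nversion"  # constructed sample key
    print(count_commands(naive_get(constructed)))  # the server sees two commands
    try:
        build_get(constructed)
    except UnsafeKeyError as exc:
        print("rejected:", exc)
```

Rejecting the key outright, rather than stripping the offending bytes, avoids silently mapping two different inputs to the same cache entry.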