CVE-2022-27924


CVSS 7.5 HIGH · EPSS 84.6% · KEV · CWE-74
In short

Zimbra Collaboration has a flaw that allows attackers, without logging in, to inject harmful commands into its cache memory system, potentially overwriting important stored data and disrupting service.

Technical detail

CVE-2022-27924 is an unauthenticated memcache injection vulnerability (CWE-74) in Zimbra Collaboration 8.8.15 and 9.0. The vulnerability stems from improper input validation allowing arbitrary memcache commands to be injected and executed unescaped, resulting in arbitrary cache entry overwrite and potential denial of service or information disclosure.

Summary generated and translated by AI from the official description.
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance. These memcache commands become unescaped, causing an overwrite of arbitrary cached entries.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected products
n/a · n/a
