[Users] Zimbra 8.7.0 to 8.7.11 Patch 9 servers being exploited

Randy Leiker randy at skywaynetworks.com
Fri Apr 16 19:06:25 CEST 2021

Hi Everyone, 

Zimbra was included in a news release yesterday from the NSA as one of the targets of a nation state campaign: https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2573391/russian-foreign-intelligence-service-exploiting-five-publicly-known-vulnerabili/

In this campaign, the attackers are exploiting servers running Zimbra 8.7.0 to 8.7.11 Patch 10: https://nvd.nist.gov/vuln/detail/CVE-2019-9670 . The Zimbra 8.7.x series went end of life back on December 31, 2020 and has not received any security updates after this date, so there are many other vulnerabilities in this version that can be exploited.

If there are any older Zimbra 8.7.x servers that you manage, you should upgrade/patch to at least 8.7.11 P14 first, and consider that it is probable your server may already be compromised. Then, promptly start working on migrating to at least 8.8.15 P20, if not 9.0 P13. 

Randy Leiker ( randy at skywaynetworks.com ) 
Skyway Networks, LLC 
