CVERadar

CVE-2024-45519

Severity: Critical
Vendor: Zimbra
SVRS: 89/100
CVSSv3: 9.8/10
EPSS: 0.9415/1

CVE-2024-45519 is a critical vulnerability in Zimbra Collaboration (ZCS) that allows unauthenticated users to execute commands. It affects ZCS 8.8.15 before Patch 46, 9.0.0 before Patch 41, 10.0.x before 10.0.9, and 10.1.x before 10.1.1. With a high SOCRadar Vulnerability Risk Score (SVRS) of 89, this CVE signifies an urgent threat and requires immediate remediation. The flaw lies in the postjournal service. Because exploits are publicly available and remote command execution requires no authentication, exposed systems are at high risk of compromise: threat actors can use this flaw to gain unauthorized access to and control over affected Zimbra servers. Its listing in the CISA KEV catalog and the active exploitation observed in the wild make it a priority for patching.

Tags: In the Wild, Exploit Available, CISA KEV

CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Published: 2024-10-02
Last updated: 2025-02-25
SOCRadar AI Insight

Description:

CVE-2024-45519 is a critical vulnerability in Zimbra Collaboration (ZCS) that allows unauthenticated users to execute commands. This vulnerability has a CVSS score of 10, indicating its severe impact. The SOCRadar Vulnerability Risk Score (SVRS) for this CVE is 64, which signifies a high level of urgency and risk.

Key Insights:

  • Unauthenticated Remote Code Execution: This vulnerability allows attackers to execute arbitrary commands on vulnerable systems without requiring authentication.
  • Active Exploitation: Working exploits have been published, and the vulnerability is being actively exploited.
  • High Impact: The ability to execute commands remotely can lead to a wide range of malicious activities, including data theft, system compromise, and ransomware attacks.

Mitigation Strategies:

  • Apply Patches: Install the latest security patches from Zimbra as soon as possible.
  • Restrict Access: Implement network segmentation and firewall rules to limit access to vulnerable systems.
  • Enable Intrusion Detection Systems: Deploy intrusion detection systems to monitor for suspicious activity and alert on potential attacks.
  • Educate Users: Train users on the importance of cybersecurity and encourage them to report any suspicious activity.

Additional Information:

  • The Cybersecurity and Infrastructure Security Agency (CISA) has warned of this vulnerability, calling for immediate and necessary measures.
  • This vulnerability is actively exploited by hackers in the wild.
  • If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

Title | Software Link | Date
Synacor Zimbra Collaboration Suite (ZCS) Command Execution Vulnerability | https://www.cisa.gov/search?g=CVE-2024-45519 | 2024-10-03
TOB1a3/CVE-2024-45519-PoC | https://github.com/TOB1a3/CVE-2024-45519-PoC | 2024-09-26
XiaomingX/cve-2024-45519-poc | https://github.com/XiaomingX/cve-2024-45519-poc | 2024-11-22
Synacor Zimbra Collaboration Command Execution Vulnerability | https://www.cisa.gov/search?g=CVE-2024-45519 | 2024-10-03

News

ISC StormCast for Wednesday, October 2nd, 2024
Dr. Johannes B. Ullrich, 2024-10-02
Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Topics: Hurricane Aftermath; Zimbra Vuln and Exploit; MSFT Edge Extension Security; Supermicro BMC flaw. Links: Hurricane Helene Aftermath - Cyber Security Awareness Month, https://isc.sans.edu/diary/Hurricane%20Helene%20Aftermath%20-%20Cyber%20Security%20Awareness%20Month/31314; Zimbra - Remote Command Execution (CVE-2024-45519), https://blog.projectdiscovery.io/zimbra-remote-code-execution/; Enhancing the security of Microsoft Edge extensions with the new Publish API
Source: sans.edu
Active exploitation of a security vulnerability in Zimbra Mail Server (CVE-2024-45519)
CERT.at, 2025-04-01
Synacor, the vendor of the Zimbra mail server, has published an advisory on a security vulnerability in Zimbra Collaboration. The published vulnerability, CVE-2024-45519, allows unauthenticated users to execute code remotely. Updates are available for each of the affected versions (9.0.0, 10.0.9, 10.1.1 and 8.8.15), which introduce stricter checking of received data in
Source: cert.at
Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast - Help Net Security
2024-10-06
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos. October 2024 Patch Tuesday forecast: Recall can be recalled. October arrived, and Microsoft started the month by announcing the release of Windows 11 24H2. The preview versions of this release have been in the news due to many innovations and one controversial feature. Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519): attackers are actively exploiting CVE-2024-45519, a critical Zimbra vulnerability that allows them
Source: google.com
Exploits and vulnerabilities in Q3 2024
Alexander Kolesnikov, 2024-12-06
The report contains statistics on vulnerabilities and exploits, with an analysis of interesting vulnerabilities found in Q3 2024, such as regreSSHion. Q3 2024 saw multiple vulnerabilities discovered in Windows and Linux subsystems that are not standard for cyberattacks. This is because operating system developers have been releasing new security mitigations for whole sets of vulnerabilities in commonly used subsystems. For example
Source: securelist.com
FOCUS FRIDAY: TPRM INSIGHTS INTO ORACLE WEBLOGIC SERVER AND GITHUB ENTERPRISE VULNERABILITIES
Ferdi Gül, 2024-12-03
This week’s Focus Friday blog highlights two critical vulnerabilities that pose significant risks to third-party ecosystems: CVE-2024-21216 affecting Oracle WebLogic Server and CVE-2024-9487 impacting GitHub Enterprise. These vulnerabilities, involving remote code execution and authentication bypass, respectively, threaten not only the organizations directly utilizing these products but also their entire supply chains. In […]
Source: normshield.com
FOCUS FRIDAY: ADDRESSING EXCHANGE SERVER RCE, FORTIMANAGER, GRAFANA, ROUNDCUBE WEBMAIL, AND CISCO FMC VULNERABILITIES FROM A TPRM PERSPECTIVE
Ferdi Gül, 2024-12-03
Welcome to this week’s edition of Focus Friday, where we explore high-profile cybersecurity incidents and vulnerabilities through the lens of Third-Party Risk Management (TPRM). In today’s rapidly evolving threat landscape, critical vulnerabilities pose a significant risk to organizations relying on third-party software and services. This week, we dive into several crucial […]
Source: normshield.com
FOCUS FRIDAY: TPRM INSIGHTS ON LITESPEED CACHE, RICOH WEB IMAGE MONITOR, SQUID PROXY, AND XLIGHT FTP VULNERABILITIES WITH BLACK KITE’S FOCUSTAGS™
Ferdi Gül, 2024-12-03
Welcome to this week’s edition of FOCUS FRIDAY, where we delve into high-profile cybersecurity incidents from a Third-Party Risk Management (TPRM) perspective. In this installment, we examine critical vulnerabilities affecting widely-used products such as LiteSpeed Cache, RICOH Web Image Monitor, Squid Proxy, and Xlight FTP. By leveraging Black Kite’s proprietary FocusTags™, […]
Source: normshield.com

Social Media

  • Zimbra - Remote Command Execution (CVE-2024-45519) https://t.co/TOaWX6NRxw #Pentesting #CyberSecurity #Infosec https://t.co/QuIGRuHjyO
  • Zimbra - Remote Command Execution (CVE-2024-45519) #Zimbra #RemoteCommandExecution #CVE202445519 #Nuclei #BugBounty https://t.co/EdrirR527d
  • Alert bulletin on the vulnerability CVE-2024-45519 affecting the Zimbra free-software suite ➡️ https://t.co/coHqNuzteW #vulnerabilité #CVE #cybersécurité https://t.co/oczvbRvmwx
  • Actively exploited CVE : CVE-2024-45519
  • Active exploitation of the Zimbra vulnerability CVE-2024-45519 observed: 19K systems still unpatched https://t.co/fyJjEq6cLm #CISA #Collaboration #CyberAttack #Exploit #KEV #PoCExploit #postjournal #ProjectDiscovery #Proofpoint #Shadowserver #Synacor #Vulnerability #Zimbra
  • Attacks on the Zimbra vulnerability CVE-2024-45519 confirmed: PoC published and added to the CISA KEV https://t.co/RLCQ9p4iVC #CISA #CyberAttack #Exploit #Government #KEV #Lazarus #PoCExploit #ProjectDiscovery #Vulnerability #WLabs #Zimbra
  • 🆕🆕🆕Exploit & Lab Setup from @Chocapikk_ for CVE-2024-45519 🔗Learn more here: https://t.co/PSn0BOZdGq https://t.co/QEdld0Y5IJ
  • Active Exploits Target Zimbra Collaboration: Over 19K Systems Vulnerable to CVE-2024-45519 - https://t.co/ZqyHXzKW5D
  • 19.6K+ Public Zimbra Installations Vulnerable to Code Execution Attacks – CVE-2024-45519: A critical vulnerability in Zimbra’s postjournal service, identified as CVE-2024-45519, has left over 19,600 public Zimbra installations exposed to remote code… https://t.co/s4Mk1wEMhB https://t.co/PorAfwrkaU
  • 19.6K+ Public Zimbra Installations Vulnerable to Code Execution Attacks – CVE-2024-45519 https://t.co/bRTnU7uHXy

Affected Software

Configuration 1
Type | Vendor | Product
App | Zimbra | collaboration

References

Reference | Link
[email protected] | https://wiki.zimbra.com/wiki/Security_Center
[email protected] | https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy
[email protected] | https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.9#Security_Fixes
[email protected] | https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.1#Security_Fixes
[email protected] | https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P46#Security_Fixes
[email protected] | https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P41#Security_Fixes
134C704F-9B21-4F2E-91B3-4A467353BCC0 | https://blog.projectdiscovery.io/zimbra-remote-code-execution/

CWE Details

CWE ID | CWE Name | Description
CWE-863 | Incorrect Authorization | The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
CWE-284 | Improper Access Control | The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
