CVE-2022-27924

HIGH KEV RANSOMWARE NUCLEI

Synacor Zimbra Collaboration Suite - Injection

Title source: rule

Description

Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance. These memcache commands becomes unescaped, causing an overwrite of arbitrary cached entries.

Nuclei Templates (1)

Zimbra Collaboration Suite - Memcached Command Injection

HIGHVERIFIEDby rxerium

Shodan: http.title:"zimbra collaboration suite"

References (4)

[Vendor Advisory] https://wiki.zimbra.com/wiki/Security_Center

[Release Notes, Vendor Advisory] https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P24

[Vendor Advisory] https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-27924

Scores

CVSS v3 7.5

EPSS 0.9121

EPSS Percentile 99.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CISA KEV 2022-08-04

VulnCheck KEV 2022-08-04

InTheWild.io 2022-08-04

ENISA EUVD EUVD-2022-32412

Ransomware Use Confirmed

CWE

CWE-74

Status published

Products (2)

synacor/zimbra_collaboration_suite 8.8.15 (32 CPE variants)

synacor/zimbra_collaboration_suite 9.0.0 (18 CPE variants)

Published Apr 21, 2022

KEV Added Aug 04, 2022

Tracked Since Feb 18, 2026