CVE-2022-27924
HIGH KEV RANSOMWARE NUCLEIZimbra Collaboration Suite 8.8.15 and 9.0 - Unauthenticated Memcache Command Injection
Title source: llmExploitation Summary
CVE-2022-27924 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added August 4, 2022, with confirmed use in ransomware campaigns. A Nuclei detection template is also available.
Description
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance. These memcache commands becomes unescaped, causing an overwrite of arbitrary cached entries.
Nuclei Templates (1)
Zimbra Collaboration Suite - Memcached Command Injection
HIGHVERIFIEDby rxerium
Shodan:
http.title:"zimbra collaboration suite"
References (4)
Core 4
Core References
Vendor Advisory x_refsource_misc
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
Vendor Advisory x_refsource_misc
https://wiki.zimbra.com/wiki/Security_Center
Release Notes, Vendor Advisory x_refsource_misc
https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P24
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-27924
Scores
CVSS v3
7.5
EPSS
0.9070
EPSS Percentile
99.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
yes
Technical Impact
partial
Details
CISA KEV
2022-08-04
VulnCheck KEV
2022-08-04
InTheWild.io
2022-08-04
ENISA EUVD
EUVD-2022-32412
Ransomware Use
Confirmed
CWE
CWE-74
Status
published
Products (2)
synacor/zimbra_collaboration_suite
8.8.15 (32 CPE variants)
synacor/zimbra_collaboration_suite
9.0.0 (18 CPE variants)
Published
Apr 21, 2022
KEV Added
Aug 04, 2022
Tracked Since
Feb 18, 2026