Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
Vulnerable software is typically exposed to the internet, and public exploit code is integrated into attack tools such as Metasploit. An exploit can be part of an attack chain with another vulnerability (CVE-2019-9621) to gain control of a server through a web shell.
Kill Chain
Risk Score
87
The Synacor Zimbra Collaboration Suite provides email services for enterprises, among other things. The mailboxd component in Zimbra Collaboration Suite has a vulnerability that allows an attacker to inject an XML external entity (XXE) that interferes with normal XML processing between a client and server. The attacker sends an HTTP POST request with a malicious payload to the /autodiscover endpoint on a Zimbra server. The payload includes an XXE with a URI or path (such as file:///opt/zimbra/conf/localconfig.xml) that targets a file containing Zimbra account credentials [1]. The server sends an HTTP response with a payload containing file content (such as account credentials) from the URI [2]. As a result, the attacker can leverage account credentials to exploit additional vulnerabilities in an attack chain to upload a web shell and run code on the Zimbra server.
