FortiGuard Outbreak Alert: Synacor Zimbra Collaboration Command Execution Vulnerability
| Description | Zimbra Collaboration (By Synacor) is an email and collaboration software.
CVE-2024-45519 is a remote code execution vulnerability in Zimbra Collaboration’s post journal service which handles the processing of email messages. A failure to sanitize user input allows attackers to send specifically crafted emails to achieve remote code execution on vulnerable Zimbra server.
The following versions of Zimbra Collaboration is affected:
| ||||||
| CVE ID | CVE-2024-45519 (https://nvd.nist.gov/vuln/detail/CVE-2024-45519) | ||||||
| NDR Cloud Detection Rule | FortiNDR Cloud v2024.9+
| ||||||
| Playbook | N/A | ||||||
| Threat hunting | FortiNDR Cloud users can use the following IOCs from Fortinet to hunt for “Synacor Zimbra Collaboration Command Execution Vulnerability” related activities. All IOCs listed above have been added to Threat Intelligence Intel | ||||||
| Suricata Coverage | Customers can create custom investigation/detections using the Suricata signatures below: 2056356 → ET EXPLOIT Zimbra postjournal RCE Attempt Inbound (CVE-2024-45519) | ||||||
| Other Fortinet Products | For more details regarding mitigating the vulnerability by utilizing Fortinet products, please refer to https://www.fortiguard.com/outbreak-alert/zimbra-collaboration-rce |