FortiNDRCloud
SaaS based NDR solution providing 365 days data retention, along with Technical Success Manager
kcheung
Staff
Article Id 349900
Description

Zimbra Collaboration (By Synacor) is an email and collaboration software.

 

CVE-2024-45519 is a remote code execution vulnerability in Zimbra Collaboration’s postjournal service, which handles the processing of email messages.

A failure to sanitize user input allows attackers to send specially crafted emails to achieve remote code execution on a vulnerable Zimbra server.

The following versions of Zimbra Collaboration are affected:

  • Version 8.8.15 before patch 46
  • Version 9.0.0 before patch 41
  • Versions 10.0.x before 10.0.9
  • Version 10.1.0
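
The affected-version list above can be turned into an inventory check. The following is an added example, not code from Fortinet or Zimbra; the `X.Y.Z_P<n>` version notation, the function names and the sample hosts are assumptions made for illustration.

```python
import re

# Affected ranges exactly as listed in the advisory above.
# Patch-based branches: version -> first patch level outside the affected range.
PATCH_BOUNDARY = {(8, 8, 15): 46, (9, 0, 0): 41}

# Assumed inventory notation (not from the advisory): "X.Y.Z" or "X.Y.Z_P<n>".
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:_P(\d+))?")


def classify(version_string):
    """Return 'affected', 'not affected', 'unknown' or 'not listed'."""
    m = VERSION_RE.fullmatch(version_string.strip())
    if not m:
        return "unknown"  # unparseable entry: needs manual review
    major, minor, micro = (int(g) for g in m.group(1, 2, 3))
    patch = int(m.group(4)) if m.group(4) else None
    base = (major, minor, micro)

    if base in PATCH_BOUNDARY:
        if patch is None:
            return "unknown"  # the patch level decides; do not guess it
        return "affected" if patch < PATCH_BOUNDARY[base] else "not affected"
    if (major, minor) == (10, 0):
        return "affected" if micro < 9 else "not affected"
    if base == (10, 1, 0):
        return "affected"
    return "not listed"  # the advisory makes no statement about this release


def triage(inventory):
    """Return (host, version, status) rows, affected hosts first."""
    order = {"affected": 0, "unknown": 1, "not listed": 2, "not affected": 3}
    rows = [(host, ver, classify(ver)) for host, ver in inventory]
    return sorted(rows, key=lambda r: (order[r[2]], r[0]))


# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE = [
    ("mail-a.example.test", "8.8.15_P45"),
    ("mail-b.example.test", "9.0.0_P41"),
    ("mail-c.example.test", "10.0.8"),
    ("mail-d.example.test", "10.1.0"),
    ("mail-e.example.test", "9.0.0"),
    ("mail-f.example.test", "10.1.1"),
]

if __name__ == "__main__":
    for host, ver, status in triage(SAMPLE):
        print(f"{status:13} {host:22} {ver}")
```

Entries reported as "unknown" or "not listed" are not covered by the list above and need a manual check against the vendor's release information.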

CVE ID    

CVE-2024-45519 (https://nvd.nist.gov/vuln/detail/CVE-2024-45519)

NDR Cloud Detection Rule

FortiNDR Cloud v2024.9+

| Detection Rule Name | Category | Primary MITRE ID |
| --- | --- | --- |
| FortiGuard Outbreak Alert: Zimbra Collaboration Remote Code Execution Attempt - CVE-2024-45519 | Attack: Exploitation | T1190 - Exploit Public-Facing Application |

Playbook 

N/A

Threat hunting

FortiNDR Cloud users can use the following IOCs from Fortinet to hunt for “Synacor Zimbra Collaboration Command Execution Vulnerability” related activities.
IOC source: https://www.fortiguard.com/outbreak-ioc?tag=zimbra%20collaboration%20rce

All IOCs listed above have been added to Threat Intelligence Intel

Suricata Coverage

Customers can create custom investigation/detections using the Suricata signatures below:

2056356 → ET EXPLOIT Zimbra postjournal RCE Attempt Inbound (CVE-2024-45519)

Other Fortinet Products

For more details regarding mitigating the vulnerability by utilizing Fortinet products, please refer to
https://www.fortiguard.com/outbreak-alert/zimbra-collaboration-rce