U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a Zimbra flaw, tracked as CVE-2022-27926, to its Known Exploited Vulnerabilities Catalog.
The CVE-2022-27926 flaw affects Zimbra Collaboration version 9.0.0, which is used to host publicly-facing webmail portals.
Proofpoint researchers recently reported that a Russian hacking group, tracked as Winter Vivern (aka TA473), has been actively exploiting vulnerabilities (CVE-2022-27926) in unpatched Zimbra instances to gain access to the emails of NATO officials, governments, military personnel, and diplomats.
The attacker can also use the compromised accounts to carry out lateral phishing attacks and further infiltrate the target organizations.
