CVE-2024-45519 – Zimbra Collaboration Unauthenticated Remote Command Execution
Multiple versions of Zimbra Collaboration application are affected by an unauthenticated remote command execution vulnerability (CVE-2024-45519). Specifically crafted SMTP commands to Zimbra’s email server component can result in the execution of local OS commands. Versions less than 9.0.0 Patch 41, less than 10.0.9, less than 10.1.1, or less than 8.8.15 Patch 46 are vulnerable.
Remotely detecting of the exact exploit is difficult. Users should instead check that any assets flagged as “Potentially Affected” to ensure they are updated to the latest version of Zimbra.
References: