Restrict access to your Zimbra server so that only trusted IP addresses or networks can reach it.

Monitor Logs
Upgrade to the latest version of Zimbra Collaboration Suite or, at minimum, apply 8.8.15 Patch 7 or higher.

Disable Vulnerable Components:
If you suspect a Zimbra server was exploited pre-patch, look for the following IoCs (Indicators of Compromise):

| ZCS Version | Vulnerable? | Patch Level |
|-------------|--------------|----------------|
| | Yes | < Patch 12 |
| 9.0.0 | Yes | < Patch 4 |
| 8.8.15 P12+ | No | Fixed |
| 9.0.0 P4+ | No | Fixed |
| 10.x | Not affected (different architecture) | N/A |

Researchers discovered that CVE-2020-27996 is particularly dangerous when combined with CVE-2020-27995 – an authentication bypass in Zimbra’s ProxyServlet. That flaw allowed an unauthenticated attacker to access any user’s mailbox folder directly, including the Calendar or Briefcase. Chaining them gives: