The /h/search?phone=&action=listen request can be used to exploit the following scenario: An attacker sends a victim a message with a link to a malicious website. The victim follows the link to the attacker's machine and sends a request to /h/search?phone= to the Zimbra server. The server responds with the voicemail inbox, which allows executing JavaScript to escalate privileges. In addition, the /h/search?action=listen request can be used to exploit the following scenario: An attacker sends a victim a message with a link to a malicious website, and the victim follows the link to the attacker's machine. When the victim sends a request to /h/search?action=listen to the Zimbra server, the server responds with the voicemail inbox, which allows executing JavaScript to escalate privileges. Both of these issues can be used to gain access to the voicemail inbox on the Zimbra server.
CVE-2023-41353
The /h/search?phone=&action=listen request can be used to exploit the following scenario: An attacker sends a victim a message with a link to a malicious website. The victim follows the link to the attacker's machine and sends a request to /h/search?phone= to the Zimbra server. The server responds with the voicemail inbox, which allows executing JavaScript to escalate privileges. In addition, the /h/search?action=listen request can be used to exploit the following scenario: An attacker sends a victim a message with a link to a malicious website, and the victim follows the link to the attacker's machine. When the victim sends a request to /h/search?action=listen to the Zimbra server, the server responds with the voicemail inbox, which allows executing JavaScript to escalate privileges. Both of these issues can be used to gain access to the voicemail inbox on the Zimbra server.
Zimbra Checklist:
- Check the source code to make sure there are no XSS vulnerabilities.
- Check for any known vulnerabilities in the versions of PHP and other libraries that are used.
- Make sure that all web server configurations allow for public access.
- Make sure that Zimbra has been updated to the latest version, as well as all underlying components of Zimbra such as PHP, MySQL, and Apache.
CVE-2023-41349
The /h/search?phone=&action=listen request can be used to exploit the following scenario: An attacker sends a victim a message with a link to a malicious website. The victim follows the link to the attacker's machine and sends a request to /h/search?phone= to the Zimbra server. The server responds with the voicemail inbox, which allows executing JavaScript to escalate privileges. In addition, the /h/search?action=listen request can be used to exploit the following scenario: An attacker sends a victim a message with a link to a malicious website, and the victim follows the link to the attacker's machine. When the victim sends a request to /h/search?action=listen to the Zimbra server, the server responds with the voicemail inbox, which allows executing JavaScript to escalate privileges. Both of these issues can be used to gain access to the voicemail inbox on the Zimbra server.
Timeline
Published on: 10/12/2022 20:15:00 UTC
Last modified on: 10/14/2022 09:17:00 UTC