CISA: Roundcube email server bug now exploited in attacks

February 12, 2024 at 02:03PM

CISA warns of active exploitation of Roundcube email server vulnerability (CVE-2023-43770), impacting versions newer than 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3. The security flaw leads to persistent cross-site scripting attacks. CISA has added it to the Known Exploited Vulnerabilities Catalog, urging immediate patching by federal agencies and private organizations.

Key takeaways from the article:

1. CISA warns of an actively exploited cross-site scripting (XSS) vulnerability (CVE-2023-43770) in Roundcube email servers, impacting versions newer than 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3.

2. CISA has included the vulnerability in its Known Exploited Vulnerabilities Catalog, urging U.S. Federal Civilian Executive Branch agencies to secure Roundcube webmail servers by March 4.

3. Shodan is tracking over 132,000 Roundcube servers accessible online, but the number of servers vulnerable to ongoing attacks using CVE-2023-43770 exploits is unknown.

4. Another Roundcube flaw, a stored cross-site scripting (XSS) vulnerability (CVE-2023-5631), was targeted as a zero-day by the Russian hacking group Winter Vivern, allowing them to compromise Roundcube webmail servers belonging to government entities and think tanks in Europe.

5. Winter Vivern operators also exploited CVE-2020-35730 and Zimbra CVE-2022-27926 XSS vulnerabilities in previous attacks against government entities and NATO countries.

These takeaways highlight the urgent need to update Roundcube email servers to address the identified vulnerabilities, particularly in government and organizational contexts, to mitigate ongoing cyber threats.
