CVE-2020-7796 is a Server-Side Request Forgery (SSRF) vulnerability in the Zimbra Collaboration Suite (ZCS). It specifically affects the WebEx zimlet component and can allow an unauthenticated attacker to force the server to make unauthorized HTTP requests to internal or external systems.

Vulnerability Overview

CVE ID: CVE-2020-7796
This vulnerability has been widely exploited in the wild. Shortly after the publication of the Proof of Concept (PoC) code, automated bots began scanning the internet for vulnerable Zimbra servers. Security researchers observed that threat actors were utilizing this flaw to deploy web shells (such as kthxm.jsp or variations of the "China Chopper" shell) to establish persistent access. In many cases, the attacks were not immediately destructive; instead, actors silently exfiltrated data or used the compromised mail servers to send spam and phishing emails to other organizations.
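As an added detection example (not from the original page, nor Zimbra's own code), the following Python scans web-server access-log lines for the two activities described above: SSRF probes against the WebEx zimlet endpoint and later requests for a dropped web shell. The zimlet path and the `companyId` parameter used in the sample lines are assumptions to verify against your own deployment; the log lines themselves are constructed.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Assumed, not taken from the page: the WebEx zimlet path in a Zimbra install.
# Verify against your own deployment and adjust if it differs.
ZIMLET_PATH = "/zimlet/com_zimbra_webex/"
WEBSHELL_NAMES = {"kthxm.jsp"}  # shell name from the page; extend as needed
# Minimal parser for common/combined log format: client, method, target, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def _is_internal(host):
    # Loopback, private and link-local literals count as internal, as does localhost.
    try:
        return not ipaddress.ip_address(host).is_global
    except ValueError:
        return host == "localhost"

def classify(line):
    """Return (client, label) for a suspicious access-log line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, _method, target, _status = m.groups()
    parts = urlsplit(target)
    # A request for a known web shell filename, wherever it was dropped.
    if parts.path.rsplit("/", 1)[-1] in WEBSHELL_NAMES:
        return (client, "webshell-access")
    # Zimlet endpoint called with a parameter that is itself a URL: SSRF probe.
    if parts.path.startswith(ZIMLET_PATH):
        for values in parse_qs(parts.query).values():
            for value in values:
                u = urlsplit(value)
                if u.scheme in ("http", "https") and u.hostname:
                    kind = "ssrf-internal" if _is_internal(u.hostname) else "ssrf-external"
                    return (client, kind)
    return None

def scan(log_text):
    """Run classify over every line and keep the findings."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]

# Constructed sample lines, not real traffic; addresses are documentation ranges.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2020:10:01:02 +0000] "GET /zimlet/com_zimbra_webex/httpPost.jsp?companyId=http://10.0.0.5/ HTTP/1.1" 200 512
203.0.113.5 - - [10/Mar/2020:10:01:09 +0000] "GET /zimlet/com_zimbra_webex/httpPost.jsp?companyId=http://collector.example/x HTTP/1.1" 200 512
198.51.100.9 - - [10/Mar/2020:10:05:44 +0000] "GET /downloads/kthxm.jsp HTTP/1.1" 200 88
192.0.2.10 - - [10/Mar/2020:10:06:00 +0000] "GET /zimbra/mail HTTP/1.1" 200 9821
"""
```

Run `scan()` over your Zimbra proxy or mailbox access logs; an "ssrf-internal" hit deserves the highest priority because it indicates the server was asked to reach something it should never expose.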
| CVE | Type | Auth Required | Impact |
|-----|------|---------------|--------|
| CVE-2020-27988 | Path traversal to mail read | No | Unauthenticated mail fetch |
| CVE-2020-28016 | SSRF via proxy | No | Internal port scanning, limited info leak |
| | RCE via extension/proxy | No | Full system compromise |
Always perform a full backup of your Zimbra environment before applying patches.

Check for Updates
Unless otherwise noted, all content is Copyright © 2014-2021 Flutecraft.org and its respective authors. All rights reserved.