CVE-2020-7796 is a critical Server-Side Request Forgery (SSRF) vulnerability in the Zimbra Collaboration Suite (ZCS). It allows unauthenticated remote attackers to force the server to make HTTP requests to arbitrary internal or external hosts by abusing the server as a proxy.
Vulnerability Overview
Vulnerability Type: Server-Side Request Forgery (SSRF).
Recommendations
A remote, unauthenticated attacker can send unauthorized HTTP requests from the Zimbra server to internal or external hosts. This can lead to:
/service/proxy?target=https://127.0.0.1:7071/service/admin/soap&ContactEmails=admin@logi-core.local
POST /service/extension/UserServlet HTTP/1.1
Host: target.zimbra.com
Content-Type: application/x-www-form-urlencoded
Exploitation
Deep Dive: CVE-2020-27996 – Full Unauthenticated Remote Code Execution in Zimbra Collaboration Suite
Introduction
In the landscape of enterprise email and collaboration tools, Zimbra Collaboration Suite (ZCS) has long been a favorite for organizations seeking an alternative to Microsoft Exchange. Its robust feature set, open-source core, and scalability make it a prime target for nation-state actors and ransomware gangs alike.
Further Compromise: Successful SSRF can be a gateway to stealing login credentials, injecting malware, or gaining a foothold for lateral movement within a network.
Data Exfiltration: Sensitive information residing on the internal network, which is otherwise inaccessible from the public internet, can be leaked.