Roundcube Webmail Vulnerability Under Exploitation, Patch Now

Recently, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Roundcube Webmail vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2023-43770, it is a persistent (stored) cross-site scripting (XSS) flaw that lets attackers obtain sensitive information through specially crafted links in plain text messages. The affected Roundcube versions are 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3.

What Is an XSS Vulnerability?

Cross-Site Scripting (XSS) is a security flaw commonly found in web applications. It occurs when a web application includes user-supplied data in an output page without proper validation or escaping. Attackers exploit the flaw by injecting malicious code, typically HTML or JavaScript, into the page. When other users visit the affected page, the injected script runs in their browsers, potentially letting the attacker steal sensitive information, alter page content, or take other malicious actions.
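The class of bug described above arises wherever plain text is turned into HTML with clickable links. As an added illustration of the defensive pattern (this is example code, not Roundcube's own renderer, and it does not reproduce the exact mechanism of CVE-2023-43770), the following Python escapes every character of a message body before it reaches the page and only turns URLs with an allowlisted scheme into anchors. The URL pattern, the scheme allowlist and the sample message are constructed for this example.

```python
import html
import re
from urllib.parse import urlsplit

# Constructed for this example (not Roundcube's own pattern): a URL candidate is
# scheme://... with no whitespace, quotes, angle brackets or parentheses, so a
# crafted link cannot run into the surrounding HTML attribute or text.
URL_RE = re.compile(r"\b[a-z][a-z0-9+.\-]*://[^\s<>\"'()]+", re.IGNORECASE)

# Only these schemes become clickable; anything else stays inert text.
ALLOWED_SCHEMES = {"http", "https"}


def linkify_plain_text(text: str) -> str:
    """Render a plain-text message body as HTML with clickable links.

    Every character of the input is HTML-escaped before it reaches the page;
    only URLs with an allowlisted scheme become anchors, and the URL is
    escaped again (quotes included) when placed inside the href attribute.
    """
    parts = []
    pos = 0
    for match in URL_RE.finditer(text):
        # Text between links: escaped, never interpreted as markup.
        parts.append(html.escape(text[pos:match.start()]))
        url = match.group(0)
        if urlsplit(url).scheme.lower() in ALLOWED_SCHEMES:
            safe_url = html.escape(url, quote=True)
            parts.append(
                f'<a href="{safe_url}" rel="noopener noreferrer" '
                f'target="_blank">{safe_url}</a>'
            )
        else:
            # Disallowed scheme (e.g. javascript:): shown as plain text only.
            parts.append(html.escape(url))
        pos = match.end()
    parts.append(html.escape(text[pos:]))
    return "".join(parts)


# Constructed sample message mixing a legitimate link, a markup probe and a
# link with a non-allowlisted scheme.
SAMPLE_MESSAGE = (
    "See https://example.com/inv?id=1&x=2 and "
    "<script>alert(1)</script> javascript://%0aalert(1)"
)

if __name__ == "__main__":
    print(linkify_plain_text(SAMPLE_MESSAGE))
```

The rendered sample contains exactly one anchor, pointing at the https URL; the markup probe and the javascript link survive only as escaped text.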

A patch for the Roundcube Webmail vulnerability was issued in Roundcube version 1.6.3 on 15 September 2023. To mitigate the vulnerability, upgrade existing Roundcube installations to the newer version. At the time of writing, the latest Roundcube version is 1.6.6, which is likewise not affected by CVE-2023-43770.

CISA Urges Users to Patch the Roundcube Webmail Vulnerability

Roundcube Webmail is a popular web-based email client that gives users access to their mailboxes from multiple devices over the Internet Message Access Protocol (IMAP). With over 132,000 Roundcube servers worldwide, concentrated mainly in the US and China, the impact of this vulnerability is widespread.

Although the specifics of the exploitation remain unknown, it’s worth noting that threat actors, particularly those associated with Russia, such as APT28 and Winter Vivern, have a history of weaponizing vulnerabilities in web-based email clients.

Given the severity of this vulnerability and the potential for widespread impact, prompt action is essential. Federal Civilian Executive Branch (FCEB) agencies must prioritize remediation by updating to Roundcube version 1.6.3 or newer before March 4, 2024. All other Roundcube Webmail users are likewise strongly advised to update their installations immediately to mitigate the risk.

The sources for this article include a story from BleepingComputer.

*** This is a Security Bloggers Network syndicated blog from TuxCare authored by Rohan Timalsina. Read the original post at: https://tuxcare.com/blog/roundcube-webmail-vulnerability-under-exploitation-patch-now/