CVE-2022-27924

7.5 HIGH

📋 TL;DR

CVE-2022-27924 is an unauthenticated memcache command injection vulnerability in Zimbra Collaboration Suite. It allows attackers to overwrite arbitrary cached entries, potentially leading to authentication bypass or data manipulation. Affects Zimbra Collaboration 8.8.15 and 9.0 installations.

💻 Affected Systems

Products:
  • Zimbra Collaboration Suite
  • Zimbra Collaboration
Versions: 8.8.15 and 9.0
Operating Systems: Linux, Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments of affected versions are vulnerable by default. No special configuration required.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise via authentication bypass leading to unauthorized access to email accounts, data theft, or further network penetration.

🟠 Likely Case

Authentication bypass allowing unauthorized access to user accounts and email data.

🟢 If Mitigated

Limited impact if proper network segmentation and access controls prevent external memcache access.

🌐 Internet-Facing: HIGH - Unauthenticated remote exploitation possible against internet-facing Zimbra instances.
🏢 Internal Only: MEDIUM - Internal attackers could exploit, but requires network access to Zimbra services.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to Zimbra's memcache service (default port 11211). Public exploit code available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.8.15 Patch 24 and 9.0.0 Patch 24

Vendor Advisory: https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories

Restart Required: Yes

Instructions:

1. Download the appropriate patch from the Zimbra support portal.
2. Stop Zimbra services.
3. Apply the patch using the zimbra-patch command.
4. Restart Zimbra services.
5. Verify the patch installation.

🔧 Temporary Workarounds

Network Access Restriction (Linux)

Block external access to the memcache port (11211) using firewall rules:

iptables -A INPUT -p tcp --dport 11211 -j DROP
iptables -A INPUT -p udp --dport 11211 -j DROP

These rules are appended to the INPUT chain and also match loopback traffic, so make sure an earlier rule accepts traffic on the lo interface (or add ! -i lo to the DROP rules); in a multi-server deployment, accept the other Zimbra hosts' addresses before the DROP rules so mailbox-to-memcached traffic keeps working.

Memcache Binding Restriction (Linux)

Configure memcache to bind only to localhost (127.0.0.1) instead of all interfaces:

Edit /opt/zimbra/conf/localconfig.xml and set memcached_bind_address to 127.0.0.1

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Zimbra servers from untrusted networks
  • Deploy web application firewall (WAF) with memcache injection detection rules

🔍 How to Verify

Check if Vulnerable:

Check the Zimbra version with /opt/zimbra/bin/zmcontrol -v. If the output shows 8.8.15 or 9.0 without Patch 24, the system is vulnerable.

Check Version:

/opt/zimbra/bin/zmcontrol -v

Verify Fix Applied:

Run /opt/zimbra/bin/zmcontrol -v. The output should show 8.8.15_P24 or 9.0.0_P24. Also verify that the memcache service binds only to localhost.
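The two verification steps above (patch level from zmcontrol -v, and memcached bound to loopback only, which is also the goal of the binding workaround) can be scripted. The following is an added example, not code from the advisory or from Zimbra. It assumes the "Release ..., Patch X_Pn." line format that zmcontrol -v prints and the column layout of ss -lnt; both are assumptions, and the sample inputs are constructed.

```sh
#!/bin/sh
# Added example (not part of the advisory): two checks for CVE-2022-27924 exposure.
#  1. classify_zmcontrol - decides from a "zmcontrol -v" output line whether the
#     reported patch level is at or above P24 for the affected 8.8.15 / 9.0.0 lines.
#  2. exposed_memcached_listeners - filters "ss -lnt" style output for a memcached
#     listener on 11211 that is bound to something other than loopback.
# Assumptions (not from the page): the "Release ..., Patch X_Pn." line format that
# zmcontrol -v prints, and the column layout of "ss -lnt". Adjust if yours differ.

# Prints a verdict and returns 0 (patched / not an affected release) or 1 (vulnerable).
classify_zmcontrol() {
    line=$1
    case $line in
        *8.8.15*|*9.0.0*) ;;
        *) echo "not an affected release line"; return 0 ;;
    esac
    # Pull the numeric patch level that follows the last "_P" on the line.
    patch=$(printf '%s\n' "$line" | sed -n 's/.*_P\([0-9][0-9]*\).*/\1/p')
    if [ -z "$patch" ]; then
        echo "vulnerable: affected release with no patch level reported"
        return 1
    fi
    if [ "$patch" -ge 24 ]; then
        echo "patched: P$patch"
        return 0
    fi
    echo "vulnerable: P$patch is below P24"
    return 1
}

# Reads "ss -lnt" output on stdin and prints each Local Address:Port bound to
# 11211 that is not 127.x or [::1]. Returns 1 if at least one was found.
exposed_memcached_listeners() {
    awk '$4 ~ /:11211$/ && $4 !~ /^127\./ && $4 !~ /^\[::1\]/ { print $4; found = 1 }
         END { exit found ? 1 : 0 }'
}

# Demo with constructed data. On a real host feed it the output of
# /opt/zimbra/bin/zmcontrol -v and ss -lnt instead.
sample_zm='Release 8.8.15.GA.3869.UBUNTU18.64 UBUNTU18_64 FOSS edition, Patch 8.8.15_P23.'
sample_ss='LISTEN 0 1024 0.0.0.0:11211 0.0.0.0:*
LISTEN 0 1024 127.0.0.1:11211 0.0.0.0:*'

classify_zmcontrol "$sample_zm" || echo "-> apply 8.8.15 Patch 24 / 9.0.0 Patch 24"
if printf '%s\n' "$sample_ss" | exposed_memcached_listeners; then
    echo "memcached is bound to loopback only"
else
    echo "-> memcached reachable on a non-loopback address; set memcached_bind_address to 127.0.0.1"
fi
```

Both functions return a non-zero status for the vulnerable case, so they drop into a cron job or configuration-management check without further parsing; the exposure check only looks at what is listening, so a host that passes it may still need the firewall rules if other Zimbra nodes legitimately need memcached.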

📡 Detection & Monitoring

Log Indicators:

  • Unusual memcache connection attempts in Zimbra logs
  • Authentication failures followed by successful logins from same IP

Network Indicators:

  • TCP/UDP connections to port 11211 from external IPs
  • Unusual memcache protocol traffic patterns

SIEM Query:

source="zimbra.logs" AND ("memcache" OR "11211") AND ("injection" OR "malformed" OR "unauthorized")
