Heads Up! CISA Warns of Active ‘Roundcube’ Email Attacks – Patch Now!


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about an active vulnerability in the Roundcube email software, identified as CVE-2023-43770. This vulnerability is currently being exploited, and CISA has urged users to patch their systems immediately.

What is Roundcube?

In simple terms, Roundcube is a way to check your email on the web. It works with lots of different web servers and databases.

In more detailed terms, Roundcube is a popular webmail client that operates in a web-based environment. It is compatible with various web servers, including Apache, LiteSpeed, Nginx, Lighttpd, Hiawatha, or Cherokee, and supports databases such as MySQL, PostgreSQL, and SQLite.

What’s the Problem? The Vulnerability in Roundcube.

The vulnerability, tracked as CVE-2023-43770, allows Cross-Site Scripting (XSS) via text/plain email messages containing crafted links, owing to the behaviour of program/lib/Roundcube/rcube_string_replacer.php. This loophole creates an avenue for persistent XSS attacks, potentially leading to information disclosure through malicious link references.

In other words, the problem is a weak spot in Roundcube that lets bad guys do something called Cross-Site Scripting (XSS). This means they can put harmful links in emails. If someone clicks on such a link, the bad guys can get information belonging to that user.

Who Does It Affect?

The vulnerability affects the following versions of the Roundcube webmail framework:

  • Roundcube before 1.4.14
  • Roundcube 1.5.x series before 1.5.4
  • Roundcube 1.6.x series before 1.6.3

Discovery and Reporting. Who found the problem?

Zscaler’s Niraj Shivtarkar detected the vulnerability, and the Roundcube project released a patch in September 2023 to fix the XSS issue. This XSS vulnerability is tracked under CVE-2023-43770. It has a CVSS score of 6.1 and ‘MEDIUM’ severity.

How to Fix It?

CISA has added CVE-2023-43770 to the Known Exploited Vulnerability (KEV) database on 12 February 2024. The mitigation or workaround needs to be deployed prior to 4 March 2024.

The Roundcube developers released a security patch, version 1.6.3 of Roundcube Webmail, on 15 September 2023 to resolve the XSS threat. It is recommended that you upgrade your Roundcube packages.

In simple terms, CISA has added this problem to its list of known problems. They say you need to fix it by 4 March 2024. Roundcube has made a fix available. You just need to update your Roundcube software to the latest version.
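Added example (not from the article or from the Roundcube project): a small POSIX shell check that classifies a Roundcube version string against the three affected ranges listed above, so an administrator can confirm that each host is at or past the fixed release for its branch. The version string is assumed to be supplied by the administrator; nothing is read from the installation itself.

```shell
#!/bin/sh
# Added example: classify a Roundcube version string against the affected
# ranges named in this advisory. Not part of the article or of Roundcube.
# Fixed releases per the version list above: 1.4.14, 1.5.4, 1.6.3.

# split_version "1.6.3" -> sets MAJ MIN PAT (missing fields default to 0,
# a suffix such as "-rc1" on the last field is dropped)
split_version() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    MAJ=${1:-0}; MIN=${2:-0}; PAT=${3:-0}
    PAT=${PAT%%[!0-9]*}; PAT=${PAT:-0}
}

# version_lt A B -> returns 0 if A is numerically lower than B
version_lt() {
    split_version "$1"; a1=$MAJ; a2=$MIN; a3=$PAT
    split_version "$2"; b1=$MAJ; b2=$MIN; b3=$PAT
    [ "$a1" -lt "$b1" ] && return 0
    [ "$a1" -gt "$b1" ] && return 1
    [ "$a2" -lt "$b2" ] && return 0
    [ "$a2" -gt "$b2" ] && return 1
    [ "$a3" -lt "$b3" ]
}

# roundcube_status VERSION -> prints a verdict; returns 0 when VERSION is
# in an affected range, 1 when it already carries the fix.
roundcube_status() {
    split_version "$1"
    case "$MAJ.$MIN" in
        1.5) fixed=1.5.4 ;;
        1.6) fixed=1.6.3 ;;
        *)   fixed=1.4.14 ;;  # "before 1.4.14": 1.4.x and older; newer
    esac                      # branches compare as not affected
    if version_lt "$1" "$fixed"; then
        echo "$1: affected by CVE-2023-43770, upgrade to $fixed or later"
        return 0
    fi
    echo "$1: not in an affected range (fix present from $fixed)"
    return 1
}

# usage: sh check-roundcube.sh 1.6.2   (hypothetical file name)
if [ $# -gt 0 ]; then roundcube_status "$1"; fi
```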

Conclusion

This alert from CISA highlights the importance of keeping software up-to-date and applying patches as soon as they become available. Organizations are advised to take immediate action to address this vulnerability and protect their systems.

This warning from CISA shows how important it is to keep your software up to date. If there’s a problem, you need to fix it as soon as you can. That’s the best way to keep your computer safe.
