Attacks leveraging Roundcube email server flaw underway

Organizations have been warned by the Cybersecurity and Infrastructure Security Agency regarding ongoing attacks exploiting a cross-site scripting vulnerability impacting various versions of the Roundcube email server, tracked as CVE-2023-43770, reports BleepingComputer. No further details regarding the intrusions were provided but federal agencies were urged to remediate the flaw by March 4. While more than 132,000 Roundcube servers, most of which are in the U.S., were noted by a Shodan search to be exposed to the internet, the number of instances susceptible to attacks leveraging the XSS bug remains uncertain. Such vulnerability exploitation comes after Russian hacking operation Winter Vivern, also known as TA473, was reported to have leveraged another Roundcube XSS bug, tracked as CVE-2023-5631, in October attacks against European government organizations and think tanks. Another XSS flaw impacting Roundcube servers, tracked as CVE-2020-35730, had also been used by Winter Vivern and Russian cyberespionage operation APT28 in earlier attacks.