
CVE-2023-5631 in Roundcube Webmail Software Exploited

Security researchers discovered that the threat actor group Winter Vivern, also known as TA473 and UAC-0114, is exploiting a specific zero-day vulnerability.

The vulnerability in question is CVE-2023-5631, a flaw in the Roundcube webmail software with a CVSS score of 5.4, which was exploited on October 11, 2023. ESET researcher Matthieu Faou emphasized the heightened threat level, noting that Winter Vivern had previously relied on known vulnerabilities in Roundcube and Zimbra for which public proofs-of-concept were available.


Winter Vivern Exploiting CVE-2023-5631 in Roundcube

Winter Vivern, aligned with the interests of Belarus and Russia, has targeted Ukraine, Poland, and government entities across Europe and India in recent months. Notably, this group exploited another Roundcube flaw (CVE-2020-35730) in August and September, making it the second nation-state group after APT28 to target the open-source webmail software.

The newly discovered vulnerability, CVE-2023-5631, is a stored cross-site scripting flaw. A fix for this issue was released on October 16, 2023. The attack involves a phishing message with a Base64-encoded payload in the HTML source code, leading to the execution of arbitrary JavaScript code when the victim views the message in a web browser.

ESET’s Faou detailed the attack chain, revealing that a specially crafted email message triggers the loading of arbitrary JavaScript code in the Roundcube user’s browser. The second-stage JavaScript (checkupdate.js) serves as a loader, enabling the execution of a final payload that facilitates the exfiltration of email messages to a command-and-control (C2) server.
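The two paragraphs above describe the delivery mechanism: a Base64-encoded payload embedded in the HTML source of a phishing message that, once decoded and rendered, loads script such as checkupdate.js. As an added example (not code from ESET or from this article), the following Python scan shows how a mail-filtering or incident-response script can decode Base64 runs found in an email's HTML source and flag any that decode to script markup; the sample message, the `example.invalid` host and the marker list are constructed for illustration.

```python
import base64
import binascii
import re
from typing import List, Tuple

# Constructed sample of an HTML email body: a benign Base64 image plus a
# Base64 blob that decodes to a script tag. Hypothetical, not the real payload.
BENIGN_PNG = base64.b64encode(b"\x89PNG\r\n\x1a\n" + b"\x00" * 40).decode()
HIDDEN_SCRIPT = base64.b64encode(
    b'<script src="https://example.invalid/checkupdate.js"></script>'
).decode()
SAMPLE_HTML = f"""<html><body>
<p>Please review the attached update.</p>
<img src="data:image/png;base64,{BENIGN_PNG}">
<div data-content="{HIDDEN_SCRIPT}"></div>
</body></html>"""

# Base64 runs long enough to hide markup; short tokens such as words are ignored.
B64_RE = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")
# Markers that indicate the decoded content would run script if rendered.
SCRIPT_MARKERS = (b"<script", b"javascript:", b"onload=", b"onerror=")


def decode_candidates(html: str) -> List[Tuple[str, bytes]]:
    """Return (blob, decoded_bytes) for every Base64 run that decodes cleanly."""
    out = []
    for match in B64_RE.finditer(html):
        blob = match.group(0)
        try:
            out.append((blob, base64.b64decode(blob, validate=True)))
        except (ValueError, binascii.Error):
            continue  # not valid Base64 (bad padding or stray characters)
    return out


def find_encoded_script(html: str) -> List[str]:
    """Return the Base64 blobs whose decoded form contains script markers."""
    hits = []
    for blob, decoded in decode_candidates(html):
        if any(marker in decoded.lower() for marker in SCRIPT_MARKERS):
            hits.append(blob)
    return hits


if __name__ == "__main__":
    for blob in find_encoded_script(SAMPLE_HTML):
        print("suspicious Base64 blob decodes to:", base64.b64decode(blob))
```

Flagged messages are candidates for quarantine and for review against the patched Roundcube version; decoding is done on the server side so no content is rendered in a browser.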

Despite Winter Vivern’s relatively unsophisticated toolset, the group poses a significant threat due to its persistence, regular phishing campaigns, and the prevalence of internet-facing applications with known vulnerabilities. Faou emphasized the importance of prompt updates to mitigate the risk posed by this threat actor.

Milena Dimitrova
