Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-37393 (GCVE-0-2022-37393)
Vulnerability from cvelistv5 – Published: 2022-08-16 20:00 – Updated: 2024-09-17 00:45
VLAI?
EPSS
Title
Zimbra zmslapd arbitrary module load
Summary
Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.
Severity ?
No CVSS data available.
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Synacor | Zimbra Server |
Affected:
9.0.0.p27 , ≤ 9.0.0.p27
(custom)
Affected: 8.8.15.p34 , ≤ 8.8.15.p34 (custom) |
Credits
Darren Martyn discovered and disclosed this vulnerability
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:29:21.022Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/16807"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Zimbra Server",
"vendor": "Synacor",
"versions": [
{
"lessThanOrEqual": "9.0.0.p27",
"status": "affected",
"version": "9.0.0.p27",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.8.15.p34",
"status": "affected",
"version": "8.8.15.p34",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Darren Martyn discovered and disclosed this vulnerability"
}
],
"datePublic": "2021-10-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Zimbra\u0027s sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root."
}
],
"exploits": [
{
"lang": "en",
"value": "Exploit originally published by the discoverer: https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-16T20:00:19",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/16807"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Zimbra zmslapd arbitrary module load",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2021-10-27T21:00:00.000Z",
"ID": "CVE-2022-37393",
"STATE": "PUBLIC",
"TITLE": "Zimbra zmslapd arbitrary module load"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Zimbra Server",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "9.0.0.p27",
"version_value": "9.0.0.p27"
},
{
"version_affected": "\u003c=",
"version_name": "8.8.15.p34",
"version_value": "8.8.15.p34"
}
]
}
}
]
},
"vendor_name": "Synacor"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Darren Martyn discovered and disclosed this vulnerability"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zimbra\u0027s sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Exploit originally published by the discoverer: https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rapid7/metasploit-framework/pull/16807",
"refsource": "MISC",
"url": "https://github.com/rapid7/metasploit-framework/pull/16807"
},
{
"name": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis",
"refsource": "MISC",
"url": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis"
},
{
"name": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/",
"refsource": "MISC",
"url": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2022-37393",
"datePublished": "2022-08-16T20:00:19.211637Z",
"dateReserved": "2022-08-02T00:00:00",
"dateUpdated": "2024-09-17T00:45:31.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37393
Vulnerability from fstec - Published: 16.08.2022
VLAI Severity ?
Title
Уязвимость функции zmslapd корпоративной системы управления электронной почтой Zimbra Collaboration Suite (ZCS), позволяющая нарушителю выполнить произвольный код
Description
Уязвимость функции zmslapd корпоративной системы управления электронной почтой Zimbra Collaboration Suite (ZCS) связана с недостатками контроля доступа. Эксплуатация уязвимости может позволить нарушителю выполнить произвольный код
Severity ?
Vendor
Zimbra Inc.
Software Name
Zimbra Collaboration Suite
Software Version
до 9.0.0 P25 включительно (Zimbra Collaboration Suite), до 8.8.15 P32 включительно (Zimbra Collaboration Suite)
Possible Mitigations
Компенсирующие меры:
- ограничение доступа к командной строке для недоверенных пользователей;
- отключение неиспользуемых учетных записей, а также учетных записей недоверенных пользователей.
Reference
https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis
https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/
https://github.com/rapid7/metasploit-framework/pull/16807
CWE
CWE-284
{
"CVSS 2.0": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Zimbra Inc.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 9.0.0 P25 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Zimbra Collaboration Suite), \u0434\u043e 8.8.15 P32 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Zimbra Collaboration Suite)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0435 \u0434\u043b\u044f \u043d\u0435\u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439;\n- \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435 \u043d\u0435\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0437\u0430\u043f\u0438\u0441\u0435\u0439, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0437\u0430\u043f\u0438\u0441\u0435\u0439 \u043d\u0435\u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "16.08.2022",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "24.08.2022",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "24.08.2022",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-05280",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-37393",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u0435\u0442",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Zimbra Collaboration Suite",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 zmslapd \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043f\u043e\u0447\u0442\u043e\u0439 Zimbra Collaboration Suite (ZCS), \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (CWE-284)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 zmslapd \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043f\u043e\u0447\u0442\u043e\u0439 Zimbra Collaboration Suite (ZCS) \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0435 \u043c\u0435\u0440\u044b",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis\nhttps://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/\nhttps://github.com/rapid7/metasploit-framework/pull/16807",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c",
"\u0422\u0438\u043f \u041f\u041e": "\u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-284",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)"
}
GSD-2022-37393
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-37393",
"description": "Zimbra\u0027s sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.",
"id": "GSD-2022-37393"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-37393"
],
"details": "Zimbra\u0027s sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.",
"id": "GSD-2022-37393",
"modified": "2023-12-13T01:19:13.197228Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2021-10-27T21:00:00.000Z",
"ID": "CVE-2022-37393",
"STATE": "PUBLIC",
"TITLE": "Zimbra zmslapd arbitrary module load"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Zimbra Server",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "9.0.0.p27",
"version_value": "9.0.0.p27"
},
{
"version_affected": "\u003c=",
"version_name": "8.8.15.p34",
"version_value": "8.8.15.p34"
}
]
}
}
]
},
"vendor_name": "Synacor"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Darren Martyn discovered and disclosed this vulnerability"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zimbra\u0027s sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Exploit originally published by the discoverer: https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rapid7/metasploit-framework/pull/16807",
"refsource": "MISC",
"url": "https://github.com/rapid7/metasploit-framework/pull/16807"
},
{
"name": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis",
"refsource": "MISC",
"url": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis"
},
{
"name": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/",
"refsource": "MISC",
"url": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:9.0.0:p4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:9.0.0:p7:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.15:p11:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.15:p3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.15:p5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.15:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.15:p26:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.7.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.7.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.7.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.7.11:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.7.11:p1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.7.11:p10:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.7.11:p11:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.7.11:p12:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.7.11:p13:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.7.11:p14:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.7.11:p15:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.7.11:p2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.7.11:p3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.7.11:p4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.7.11:p5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.7.11:p6:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.7.11:p7:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.7.11:p8:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.7.11:p9:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.0:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.8:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.8:p1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.8:p3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.8:p4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.8:p7:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.9:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.9:p1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.9:p10:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.9:p3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.10:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.10:p8:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.11:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.11:p3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.11:p4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.11:p5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.12:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.12:p3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.12:p4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.15:p30:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.15:p31:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.15:p32:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.15:p33:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:8.8.15:p34:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:9.0.0:p0:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:9.0.0:p19:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:9.0.0:p23:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:9.0.0:p25:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:9.0.0:p26:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:9.0.0:p27:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zimbra:collaboration:9.0.0:p7.1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"ID": "CVE-2022-37393"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Zimbra\u0027s sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"
},
{
"name": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis"
},
{
"name": "https://github.com/rapid7/metasploit-framework/pull/16807",
"refsource": "MISC",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/16807"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2022-08-18T17:12Z",
"publishedDate": "2022-08-16T20:15Z"
}
}
}
CERTFR-2022-AVI-902
Vulnerability from certfr_avis - Published: 2022-10-12 - Updated: 2022-10-12
De multiples vulnérabilités ont été découvertes dans Zimbra Collaboration. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Synacor | Zimbra Collaboration | Zimbra Collaboration versions 9.x antérieures à 9.0.0 Patch 27 | ||
| Synacor | Zimbra Collaboration | Zimbra Collaboration versions 8.x antérieures à 8.8.15 Patch 34 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Zimbra Collaboration versions 9.x ant\u00e9rieures \u00e0 9.0.0 Patch 27",
"product": {
"name": "Zimbra Collaboration",
"vendor": {
"name": "Synacor",
"scada": false
}
}
},
{
"description": "Zimbra Collaboration versions 8.x ant\u00e9rieures \u00e0 8.8.15 Patch 34",
"product": {
"name": "Zimbra Collaboration",
"vendor": {
"name": "Synacor",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-41352",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41352"
},
{
"name": "CVE-2022-41348",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41348"
},
{
"name": "CVE-2022-41350",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41350"
},
{
"name": "CVE-2022-41351",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41351"
},
{
"name": "CVE-2022-37393",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37393"
},
{
"name": "CVE-2022-41349",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41349"
}
],
"initial_release_date": "2022-10-12T00:00:00",
"last_revision_date": "2022-10-12T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-902",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-10-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Zimbra\nCollaboration. Elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et\nune injection de code indirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Zimbra Collaboration",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Zimbra du 10 octobre 2022",
"url": "https://blog.zimbra.com/2022/10/new-zimbra-patches-9-0-0-patch-27-8-8-15-patch-34/"
}
]
}
GHSA-8JJP-3PJ6-XX8J
Vulnerability from github – Published: 2022-08-17 00:00 – Updated: 2022-08-19 00:00
VLAI?
Details
Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.
Severity ?
7.8 (High)
{
"affected": [],
"aliases": [
"CVE-2022-37393"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-16T20:15:00Z",
"severity": "HIGH"
},
"details": "Zimbra\u0027s sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.",
"id": "GHSA-8jjp-3pj6-xx8j",
"modified": "2022-08-19T00:00:21Z",
"published": "2022-08-17T00:00:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37393"
},
{
"type": "WEB",
"url": "https://github.com/rapid7/metasploit-framework/pull/16807"
},
{
"type": "WEB",
"url": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis"
},
{
"type": "WEB",
"url": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
CERTFR-2022-ALE-009
Vulnerability from certfr_alerte - Published: 2022-10-07 - Updated: 2023-03-14
[MaJ 12 octobre 2022] Un correctif est désormais disponible (cf. section Documentation).
[Publication initiale]
Le 15 septembre 2022, l'éditeur Zimbra a publié un avis de sécurité mentionnant une vulnérabilité dans l'implémentation de cpio par son moteur d'antivirus (Amavis). L'outil d'extraction d'archive cpio est utilisé par Zimbra dès lors que l'utilitaire pax n'est pas installé. Cette vulnérabilité permet à un attaquant non authentifié de téléverser ou écraser un fichier sur le serveur. Par ce biais, l'attaquant à la possibilité de déposer une porte dérobée afin de pouvoir exécuter du code arbitraire à distance sur la machine. En effet, si un attaquant envoie un courriel contenant une archive piégée avec le format .cpio, .rpm ou .tar à une instance de Zimbra ne disposant pas de l'utilitaire pax, alors, lors du processus d'extraction par Amavis la vulnérabilité sera déclenchée.
Le 25 septembre, le NIST NVD attribue à cette vulnérabilité l'immatriculation CVE-2022-41352. Cette vulnérabilité est simple à exploiter et pourrait être combinée avec une autre vulnérabilité de type élévation de privilèges, telle que la CVE-2022-37393, pour prendre le contrôle total de la machine.
Le CERT-FR a connaissance de cas d'exploitation de cette vulnérabilité et de codes d'exploitation publiquement disponibles.
Contournement provisoire
L'éditeur n'a pas publié de correctif pour cette vulnérabilité. Cependant, il est assez aisé de s'en prémunir en installant l'utilitaire pax, disponible via le paquet du même nom, puis en redémarrant l'application Zimbra (les commandes sont détaillées par l'éditeur [1]).
Détection
Le CERT-FR recommande de réaliser une analyse approfondie des journaux
réseau des serveurs Zimbra. Il est possible d'obtenir la liste des
archives au format .tar, .rpm ou .cpio qui ont été téléversées via la
commande suivante :
cat /opt/zimbra/log/mailbox.log | grep -i -e ".*FileUploadServlet.*name=.*\(.cpio\|.tar\|.rpm\),".
Ces archives devront ensuite être analysées pour tenter d'identifier des
tentatives d'exploitation de la vulnérabilité. Cependant, un attaquant
peut dissimuler ses traces dans le cas où il a réalisé une élévation de
privilège par le biais d'une autre vulnérabilité.
En cas de suspicion de compromission, il est recommandé de consulter les bons réflexes en cas d'intrusion sur votre système d'information.
Solution
[MaJ 12 octobre 2022] Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Synacor | Zimbra Collaboration | Zimbra Collaboration Suite (ZCS) toutes versions utilisant cpio |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Zimbra Collaboration Suite (ZCS) toutes versions utilisant cpio",
"product": {
"name": "Zimbra Collaboration",
"vendor": {
"name": "Synacor",
"scada": false
}
}
}
],
"affected_systems_content": "",
"closed_at": "2023-03-14",
"content": "## Contournement provisoire\n\nL\u0027\u00e9diteur n\u0027a pas publi\u00e9 de correctif pour cette vuln\u00e9rabilit\u00e9.\nCependant, il est assez ais\u00e9 de s\u0027en pr\u00e9munir en installant l\u0027utilitaire\n*pax*, disponible *via* le paquet du m\u00eame nom, puis en red\u00e9marrant\nl\u0027application Zimbra (les commandes sont d\u00e9taill\u00e9es par l\u0027\u00e9diteur\n\\[1\\]).\n\n## D\u00e9tection\n\nLe CERT-FR recommande de r\u00e9aliser une analyse approfondie des journaux\nr\u00e9seau des serveurs Zimbra. Il est possible d\u0027obtenir la liste des\narchives au format .tar, .rpm ou .cpio qui ont \u00e9t\u00e9 t\u00e9l\u00e9vers\u00e9es *via* la\ncommande suivante :\n`cat /opt/zimbra/log/mailbox.log | grep -i -e \".*FileUploadServlet.*name=.*\\(.cpio\\|.tar\\|.rpm\\),\"`.\nCes archives devront ensuite \u00eatre analys\u00e9es pour tenter d\u0027identifier des\ntentatives d\u0027exploitation de la vuln\u00e9rabilit\u00e9. Cependant, un attaquant\npeut dissimuler ses traces dans le cas o\u00f9 il a r\u00e9alis\u00e9 une \u00e9l\u00e9vation de\nprivil\u00e8ge par le biais d\u0027une autre vuln\u00e9rabilit\u00e9.\n\nEn cas de suspicion de compromission, il est recommand\u00e9 de consulter les\n[bons r\u00e9flexes en cas d\u0027intrusion sur votre syst\u00e8me\nd\u0027information](/les-bons-reflexes-en-cas-dintrusion-sur-un-systeme-dinformation/).\n\n\n## Solution\n\n\u003cspan style=\"color: #ff0000;\"\u003e\\[MaJ 12 octobre 2022\\]\u00a0\u003cspan\nstyle=\"color: #000000;\"\u003eSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur\npour l\u0027obtention des correctifs (cf. section\nDocumentation).\u003c/span\u003e\u003c/span\u003e\n\n",
"cves": [
{
"name": "CVE-2022-37393",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37393"
},
{
"name": "CVE-2022-41352",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41352"
}
],
"initial_release_date": "2022-10-07T00:00:00",
"last_revision_date": "2023-03-14T00:00:00",
"links": [
{
"title": "Avis CERT-FR CERTFR-2022-AVI-902 du 12 octobre 2022",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2022-AVI-902/"
},
{
"title": "Bons r\u00e9flexes en cas d\u0027intrusion sur votre syst\u00e8me d\u0027information",
"url": "https://www.cert.ssi.gouv.fr/les-bons-reflexes-en-cas-dintrusion-sur-un-systeme-dinformation/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Zimbra du 10 octobre 2022",
"url": "https://blog.zimbra.com/2022/10/new-zimbra-patches-9-0-0-patch-27-8-8-15-patch-34/"
}
],
"reference": "CERTFR-2022-ALE-009",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-10-07T00:00:00.000000"
},
{
"description": "Correctif disponible.",
"revision_date": "2022-10-12T00:00:00.000000"
},
{
"description": "Cl\u00f4ture de l\u0027alerte. Cela ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
"revision_date": "2023-03-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "\u003cstrong\u003e\\[MaJ 12 octobre 2022\\]\u00a0\u003c/strong\u003eUn correctif est d\u00e9sormais disponible (cf.\nsection Documentation).\n\n\u003cstrong\u003e\\[Publication initiale\\]\u003c/strong\u003e\n\nLe 15 septembre 2022, l\u0027\u00e9diteur Zimbra a publi\u00e9 un avis de s\u00e9curit\u00e9\nmentionnant une vuln\u00e9rabilit\u00e9 dans l\u0027impl\u00e9mentation de *cpio* par son\nmoteur d\u0027antivirus (Amavis). L\u0027outil d\u0027extraction d\u0027archive *cpio* est\nutilis\u00e9 par Zimbra d\u00e8s lors que l\u0027utilitaire\u00a0*pax* n\u0027est pas install\u00e9*.*\nCette vuln\u00e9rabilit\u00e9 permet \u00e0 un attaquant non authentifi\u00e9 de t\u00e9l\u00e9verser\nou \u00e9craser un fichier sur le serveur. Par ce biais, l\u0027attaquant \u00e0 la\npossibilit\u00e9 de d\u00e9poser une porte d\u00e9rob\u00e9e afin de pouvoir ex\u00e9cuter du\ncode arbitraire \u00e0 distance sur la machine. En effet, si un attaquant\nenvoie un courriel contenant une archive pi\u00e9g\u00e9e avec le format .cpio,\n.rpm ou .tar \u00e0 une instance de Zimbra ne disposant pas de l\u0027utilitaire\n*pax*, alors, lors du processus d\u0027extraction par Amavis la vuln\u00e9rabilit\u00e9\nsera d\u00e9clench\u00e9e.\n\nLe 25 septembre, le NIST NVD attribue \u00e0 cette vuln\u00e9rabilit\u00e9\nl\u0027immatriculation CVE-2022-41352. Cette vuln\u00e9rabilit\u00e9 est simple \u00e0\nexploiter et pourrait \u00eatre combin\u00e9e avec une autre vuln\u00e9rabilit\u00e9 de type\n\u00e9l\u00e9vation de privil\u00e8ges, telle que la CVE-2022-37393, pour prendre le\ncontr\u00f4le total de la machine.\n\nLe CERT-FR a connaissance de cas d\u0027exploitation de cette vuln\u00e9rabilit\u00e9\net de codes d\u0027exploitation publiquement disponibles.\n",
"title": "[MaJ] Vuln\u00e9rabilit\u00e9 dans Zimbra Collaboration",
"vendor_advisories": [
{
"published_at": "2022-09-14",
"title": "[1] Bulletin de s\u00e9curit\u00e9 Zimbra",
"url": "https://blog.zimbra.com/2022/09/security-update-make-sure-to-install-pax-spax/"
}
]
}
FKIE_CVE-2022-37393
Vulnerability from fkie_nvd - Published: 2022-08-16 20:15 - Updated: 2024-11-21 07:14
Severity ?
Summary
Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.
References
| URL | Tags | ||
|---|---|---|---|
| cve@rapid7.com | https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis | Exploit, Third Party Advisory | |
| cve@rapid7.com | https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/ | Exploit, Third Party Advisory | |
| cve@rapid7.com | https://github.com/rapid7/metasploit-framework/pull/16807 | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/rapid7/metasploit-framework/pull/16807 | Exploit, Patch, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "144C9B35-9A82-4A47-82E3-0E0CA71E0C7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "01379F5C-0157-4880-913A-67729D63E970",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "AFD06515-D376-4788-A9E6-5531D08BFDD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2C68411C-B094-4895-9AF9-C7FFA9479D0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:-:*:*:*:*:*:*",
"matchCriteriaId": "C5D00519-8429-4C8F-A455-F5DD246D4009",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p1:*:*:*:*:*:*",
"matchCriteriaId": "519F4C15-811A-4A76-A7F4-251E17DCA7B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p10:*:*:*:*:*:*",
"matchCriteriaId": "B8961767-9B1D-4AF6-A014-9770FF925FE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p11:*:*:*:*:*:*",
"matchCriteriaId": "56736F6C-E472-4D81-A4DF-7B4D7D3F4232",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p12:*:*:*:*:*:*",
"matchCriteriaId": "E7802EA0-016C-432B-9C57-BD75817CCA49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p13:*:*:*:*:*:*",
"matchCriteriaId": "45760766-95FA-485A-BB1F-76CC78D2BB47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p14:*:*:*:*:*:*",
"matchCriteriaId": "D5B0658C-9278-4078-8DB7-D4A693B4B5F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p15:*:*:*:*:*:*",
"matchCriteriaId": "649EA6F7-1A0B-4B68-AD00-364F85734CF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p2:*:*:*:*:*:*",
"matchCriteriaId": "1F9A281D-09CC-4AFA-9854-D6228C73271B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p3:*:*:*:*:*:*",
"matchCriteriaId": "508EC887-BD57-4CD8-B6FC-453212684641",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p4:*:*:*:*:*:*",
"matchCriteriaId": "52FCDC0C-63C5-4105-872D-C8517DFFAD05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p5:*:*:*:*:*:*",
"matchCriteriaId": "FFA94BE6-031F-4279-95DA-D95A83CCE808",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p6:*:*:*:*:*:*",
"matchCriteriaId": "7757D0F0-900A-4F36-8975-B493EBBD5977",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p7:*:*:*:*:*:*",
"matchCriteriaId": "98483031-531D-44BA-95E5-FCE02768C8DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p8:*:*:*:*:*:*",
"matchCriteriaId": "A1AC65E0-7DF7-43AD-A539-A62FB50B027C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p9:*:*:*:*:*:*",
"matchCriteriaId": "1E9306C5-E541-4CFB-9BF9-DF9CABE19A1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "F6DD0677-D894-47D9-8840-FCF2BEDB1DE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43EDB16D-8825-456A-A904-BC22B4515CB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "70B8B9C4-7764-474A-B428-02ACF9B7796E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4EB754D1-ECD8-4F4E-8328-0A6D1D4484AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C4C6CB7A-3FC1-4FD0-8529-9F9414615895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ACA92EF6-1745-4441-8C40-E8E646A3B5E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.8:-:*:*:*:*:*:*",
"matchCriteriaId": "2948265E-41C3-420C-8EBB-06779B4159E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.8:p1:*:*:*:*:*:*",
"matchCriteriaId": "C386097D-3717-4CE4-9A7D-D9F79349F962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.8:p3:*:*:*:*:*:*",
"matchCriteriaId": "B70BD874-A325-4573-97A6-B2960F8C3A3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.8:p4:*:*:*:*:*:*",
"matchCriteriaId": "EEF3C967-F801-4DA4-A500-AC26CBD69095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.8:p7:*:*:*:*:*:*",
"matchCriteriaId": "A4AE8C84-EF5B-4720-8530-086FC4D6E2F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.9:-:*:*:*:*:*:*",
"matchCriteriaId": "22FB2707-4CC0-4176-B91A-778E3CE4D67B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.9:p1:*:*:*:*:*:*",
"matchCriteriaId": "20F1987A-96A3-4CFD-B47A-C6E4D8A0D359",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.9:p10:*:*:*:*:*:*",
"matchCriteriaId": "7E6E2A24-085D-48BE-A395-8C9EFB1DD00C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.9:p3:*:*:*:*:*:*",
"matchCriteriaId": "C9F5B9C5-2BD5-4205-8119-61F4E9E16141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.10:-:*:*:*:*:*:*",
"matchCriteriaId": "030FE87C-00C4-4187-ACA5-09DB7FED5E49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.10:p8:*:*:*:*:*:*",
"matchCriteriaId": "C073A50A-E2DC-4D9C-8F06-D569997817E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.11:-:*:*:*:*:*:*",
"matchCriteriaId": "5328F774-1379-46A4-AB13-63202B9AA503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.11:p3:*:*:*:*:*:*",
"matchCriteriaId": "CFF73FAD-FCB2-4054-9544-39AEFBDCECC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.11:p4:*:*:*:*:*:*",
"matchCriteriaId": "2BD596FB-2B50-4D0A-B230-6862E6172D09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.11:p5:*:*:*:*:*:*",
"matchCriteriaId": "7E43D54E-A10C-4E05-B745-D12E6585E7F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.12:-:*:*:*:*:*:*",
"matchCriteriaId": "A2B204A5-1E74-444B-B20C-3A36E43482EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.12:p3:*:*:*:*:*:*",
"matchCriteriaId": "F7F04FB4-AE06-4863-A361-76DB91A12E7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.12:p4:*:*:*:*:*:*",
"matchCriteriaId": "F5E0C63F-8DF3-49C5-83A6-6C7F6F1D8F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:-:*:*:*:*:*:*",
"matchCriteriaId": "1B17C1A7-0F0A-4E7C-8C0C-0BBB0BF66C82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p11:*:*:*:*:*:*",
"matchCriteriaId": "AE8BD950-24A2-4AFF-B7EE-6EE115BD75D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p26:*:*:*:*:*:*",
"matchCriteriaId": "6DD4641A-EC23-4B1A-8729-9AECD70390AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p3:*:*:*:*:*:*",
"matchCriteriaId": "21768A61-7578-4EEC-A23B-FEC10CAA9EDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p30:*:*:*:*:*:*",
"matchCriteriaId": "CA758408-4302-43BC-BDC9-1B70EC5D2FED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p31:*:*:*:*:*:*",
"matchCriteriaId": "822CDEBC-0650-4970-B46F-06F505993086",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p32:*:*:*:*:*:*",
"matchCriteriaId": "971B5005-4676-4D93-A7DD-6AFDC8D0BEEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p33:*:*:*:*:*:*",
"matchCriteriaId": "81BC6A7F-D014-44B3-9361-20DB256D3C8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p34:*:*:*:*:*:*",
"matchCriteriaId": "6A3DC694-4CCC-4E9F-B6E9-891B1DF115C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p5:*:*:*:*:*:*",
"matchCriteriaId": "0695D2E0-45B3-493C-BA6D-471B90C0ACC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p0:*:*:*:*:*:*",
"matchCriteriaId": "5E4DF01A-1AA9-47E8-82FD-65A02ECA1376",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p19:*:*:*:*:*:*",
"matchCriteriaId": "B7A47276-F241-4A68-9458-E1481EBDC5E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p23:*:*:*:*:*:*",
"matchCriteriaId": "B4CE2D12-AD31-4FED-AD0F-ADF64E92E1B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p25:*:*:*:*:*:*",
"matchCriteriaId": "BC19F11D-23D9-429D-A957-D67F23A40A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p26:*:*:*:*:*:*",
"matchCriteriaId": "AAFA2EE7-C965-4F27-8CAE-E607A9F202AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p27:*:*:*:*:*:*",
"matchCriteriaId": "1D09DCF6-1C8F-4CA1-B7D4-AFDD4EB35771",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "33F50D8C-7027-4A8D-8E95-98C224283772",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p7:*:*:*:*:*:*",
"matchCriteriaId": "7215AE2C-8A33-4AB9-88D5-7C8CD11E806C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p7.1:*:*:*:*:*:*",
"matchCriteriaId": "8D859F77-8E39-4D46-BC90-C5C1D805A666",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zimbra\u0027s sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root."
},
{
"lang": "es",
"value": "La configuraci\u00f3n sudo de Zimbra permite al usuario zimbra ejecutar el binario zmslapd como root con par\u00e1metros arbitrarios. Como parte de su funcionalidad prevista, zmslapd puede cargar un archivo de configuraci\u00f3n definido por el usuario, que incluye plugins en forma de archivos .so, que tambi\u00e9n son ejecutadas como root."
}
],
"id": "CVE-2022-37393",
"lastModified": "2024-11-21T07:14:54.630",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-16T20:15:07.860",
"references": [
{
"source": "cve@rapid7.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis"
},
{
"source": "cve@rapid7.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"
},
{
"source": "cve@rapid7.com",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/16807"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/16807"
}
],
"sourceIdentifier": "cve@rapid7.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "cve@rapid7.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…