CVE-2022-41352

critical-risk
Published 2022-09-26

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavis automatically prefers it over cpio.

Do I need to act?

!
94.0% chance of exploitation in next 30 days
EPSS score — higher than 6% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (20)

Affected Vendors

Synacor

References (11)

Exploit http://packetstormsecurity.com/files/169458/Zimbra-Collaboration-Suite-TAR-Path-...
Mitigation https://forums.zimbra.org/viewtopic.php?t=71153&p=306532
Patch https://wiki.zimbra.com/wiki/Security_Center
Vendor Advisory https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
Third Party Advisory https://www.secpod.com/blog/unpatched-rce-bug-in-zimbra-collaboration-suite-expl...
Exploit http://packetstormsecurity.com/files/169458/Zimbra-Collaboration-Suite-TAR-Path-...
Mitigation https://forums.zimbra.org/viewtopic.php?t=71153&p=306532
Patch https://wiki.zimbra.com/wiki/Security_Center
Vendor Advisory https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
Third Party Advisory https://www.secpod.com/blog/unpatched-rce-bug-in-zimbra-collaboration-suite-expl...
US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-...
86
/ 100
critical-risk
Severity 32/34 · Critical
Exploitability 27/34 · High
Exposure 27/34 · High