CVE-2024-27442

moderate-risk

Published 2024-08-12

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The zmmailboxdmgr binary, a component of ZCS, is intended to be executed by the zimbra user with root privileges for specific mailbox operations. However, an attacker can escalate privileges from the zimbra user to root, because of improper handling of input arguments. An attacker can execute arbitrary commands with elevated privileges, leading to local privilege escalation.

Do I need to act?

0.04% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (20)

Collaboration

Affected Vendors

Zimbra

References (2)

Release Notes https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.7#Security_Fixes

Release Notes https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P39#Security_Fixes

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 0/34 · Minimal

Exposure 24/34 · High