CVE-2022-41352

Description from NVD

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavisd via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavisd automatically prefers it over cpio.

Information Acquisition Date:2022-11-14T14:50Z
CVSS 2.0: 0.0 None CVSS 3.x: 9.8 CRITICAL

▼ CVSS3 Vec CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD References

 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
     source:MISC
     tags:Vendor Advisory    
 https://wiki.zimbra.com/wiki/Security_Center
     source:MISC
     tags:Patch    Release Notes    Vendor Advisory    
 https://forums.zimbra.org/viewtopic.php?t=71153&p=306532
     source:MISC
     tags:Mitigation    Vendor Advisory    
 http://packetstormsecurity.com/files/169458/Zimbra-Collaboration-Suite-TAR-Path-Traversal.html
     source:MISC
     tags:Exploit    Third Party Advisory    VDB Entry    

This vulnerability may involve a PoC.

Refer to Information on External Sites

CVE InfomationExploits or more Infomation
mitreEXPLOIT DATABASE
NVD0day.today
vulmon.comgithub
CVE DetailsTwitter
JVN ENG JPN
Reconshell

Software Tag: Linux(4 tweets) PHP(1 tweets) Windows(3 tweets) Wordpress(13 tweets) iOS(1 tweets)



List of frequently cited URLs

URLNum of Times Referred to
https://cvetrends.com49
http://twinybots.ch26
https://lists.astaro.com/ASGV9-IPS-rules.html#020
https://github.com/Cr4ckC4t/cve-2022-41352-zimbra-rce15
https://securityaffairs.co/wordpress/137164/apt/zimbra-cve-...12
https://www.helpnetsecurity.com/2022/10/10/cve-2022-4135211
https://thehackernews.com/2022/10/hackers-exploiting-unpatc...8
https://securelist.com/ongoing-exploitation-of-cve-2022-413...7
https://attackerkb.com/topics/1DDTvUNFzH/cve-2022-413526
https://tweetedtimes.com/Pentest101MX?s=tnp6
https://www.rapid7.com/blog/post/2022/10/06/exploitation-of...4
https://latam.kaspersky.com/blog/zimbra-cve-2022-41352-itw/...4
http://t.me/hackgit3
https://kas.pr/4anp3
https://zpr.io/5pFiWsvhwaTS3
https://buff.ly/3S5DnIy3
https://twitter.com/iagox86/status/15780844847207342093
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories3
https://blog.segu-info.com.ar/2022/10/vulnerabilidad-critic...3
https://www.itsecuritynews.info/ongoing-exploitation-of-cve...3

▼ Show Information from Twitter(253)


List of frequently cited URLs

URLNum of Times Referred to
cvetrends.com49
twinybots.ch26
lists.astaro.com20
github.com15
securityaffairs.co12
www.helpnetsecurity.com11
thehackernews.com8
securelist.com7
attackerkb.com6
tweetedtimes.com6
www.rapid7.com4
latam.kaspersky.com4
t.me3
kas.pr3
zpr.io3
buff.ly3
twitter.com3
wiki.zimbra.com3
blog.segu-info.com.ar3
www.itsecuritynews.info3

▼ Show Information from Twitter(253)


GitHub Search Results: Up to 10
NameURL
segfault-it/cve-2022-41352 https://github.com/segfault-it/cve-2022-41352
Cr4ckC4t/cve-2022-41352-zimbra-rce https://github.com/Cr4ckC4t/cve-2022-41352-zimbra-rce

GitHub Search Results: Up to 10
NameURL
segfault-it/cve-2022-41352 github.com
Cr4ckC4t/cve-2022-41352-zimbra-rce github.com

2022/11/30 Score : 0
Added Har-sia Database : 2022/09/26
Last Modified : 2022/11/30
Highest Scored Date : 2022/10/17
Highest Score : 47