CVE-2022-41352

Description from NVD

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavisd via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavisd automatically prefers it over cpio.

Information Acquisition Date: 2022-12-05T03:24Z
CVSS 2.0: 0.0 None
CVSS 3.x: 9.8 CRITICAL

CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD References

 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
     source: MISC
     tags: Vendor Advisory
 https://wiki.zimbra.com/wiki/Security_Center
     source: MISC
     tags: Patch, Release Notes, Vendor Advisory
 https://forums.zimbra.org/viewtopic.php?t=71153&p=306532
     source: MISC
     tags: Mitigation, Vendor Advisory
 http://packetstormsecurity.com/files/169458/Zimbra-Collaboration-Suite-TAR-Path-Traversal.html
     source: MISC
     tags: Exploit, Third Party Advisory, VDB Entry

This vulnerability may involve a PoC.

List of frequently cited URLs

URL  Num of Times Referred to
https://cvetrends.com  51
http://twinybots.ch  37
https://lists.astaro.com/ASGV9-IPS-rules.html#0  12
https://www.helpnetsecurity.com/2022/10/10/cve-2022-41352  11
https://thehackernews.com/2022/10/hackers-exploiting-unpatc...  8
https://securelist.com/ongoing-exploitation-of-cve-2022-413...  7
https://securityaffairs.co/wordpress/137164/apt/zimbra-cve-...  7
https://attackerkb.com/topics/1DDTvUNFzH/cve-2022-41352  6
https://tweetedtimes.com/Pentest101MX?s=tnp  5
https://github.com/Cr4ckC4t/cve-2022-41352-zimbra-rce  4
https://www.rapid7.com/blog/post/2022/10/06/exploitation-of...  4
http://t.me/hackgit  3
https://kas.pr/4anp  3
https://zpr.io/5pFiWsvhwaTS  3
https://buff.ly/3S5DnIy  3
https://twitter.com/iagox86/status/1578084484720734209  3
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories  3
https://latam.kaspersky.com/blog/zimbra-cve-2022-41352-itw/...  3
https://blog.segu-info.com.ar/2022/10/vulnerabilidad-critic...  3
https://www.itsecuritynews.info/ongoing-exploitation-of-cve...  3

Information from Twitter

User URL Info Source Date
kingslyj https://nvd.nist.gov/vuln/detail/CVE-2022-41352 Source kingslyj 1631795395650285568 2023/03/04
HiveProInc https://www.hivepro.com/a-new-rorschach-ransomware-threat-e... Source HiveProInc 1646074300066086918 2023/04/12
HiveProInc https://twitter.com/HiveProInc/status/1646074300066086918/p... Source HiveProInc 1646074300066086918 2023/04/12

GitHub Search Results: Up to 10
Name URL
segfault-it/cve-2022-41352 https://github.com/segfault-it/cve-2022-41352
Cr4ckC4t/cve-2022-41352-zimbra-rce https://github.com/Cr4ckC4t/cve-2022-41352-zimbra-rce

2023/04/12 Score : 0
Added Har-sia Database : 2022/09/26
Last Modified : 2023/04/12
Highest Scored Date : 2022/10/17
Highest Score : 47