CVE-2022-37393 - Vulnerability Details

Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Zimbra	Collaboration

Configuration 1 [-]

OR	cpe:2.3:a:zimbra:collaboration:8.7.6:::::::*
	cpe:2.3:a:zimbra:collaboration:8.7.7:::::::*
	cpe:2.3:a:zimbra:collaboration:8.7.9:::::::*
	cpe:2.3:a:zimbra:collaboration:8.7.10:::::::*
	cpe:2.3:a:zimbra:collaboration:8.7.11:-::::::
	cpe:2.3:a:zimbra:collaboration:8.7.11:p1::::::
	cpe:2.3:a:zimbra:collaboration:8.7.11:p10::::::
	cpe:2.3:a:zimbra:collaboration:8.7.11:p11::::::
	cpe:2.3:a:zimbra:collaboration:8.7.11:p12::::::
	cpe:2.3:a:zimbra:collaboration:8.7.11:p13::::::
	cpe:2.3:a:zimbra:collaboration:8.7.11:p14::::::
	cpe:2.3:a:zimbra:collaboration:8.7.11:p15::::::
	cpe:2.3:a:zimbra:collaboration:8.7.11:p2::::::
	cpe:2.3:a:zimbra:collaboration:8.7.11:p3::::::
	cpe:2.3:a:zimbra:collaboration:8.7.11:p4::::::
	cpe:2.3:a:zimbra:collaboration:8.7.11:p5::::::
	cpe:2.3:a:zimbra:collaboration:8.7.11:p6::::::
	cpe:2.3:a:zimbra:collaboration:8.7.11:p7::::::
	cpe:2.3:a:zimbra:collaboration:8.7.11:p8::::::
	cpe:2.3:a:zimbra:collaboration:8.7.11:p9::::::
	cpe:2.3:a:zimbra:collaboration:8.8.0:beta1::::::
	cpe:2.3:a:zimbra:collaboration:8.8.2:::::::*
	cpe:2.3:a:zimbra:collaboration:8.8.3:::::::*
	cpe:2.3:a:zimbra:collaboration:8.8.4:::::::*
	cpe:2.3:a:zimbra:collaboration:8.8.6:::::::*
	cpe:2.3:a:zimbra:collaboration:8.8.7:::::::*
	cpe:2.3:a:zimbra:collaboration:8.8.8:-::::::
	cpe:2.3:a:zimbra:collaboration:8.8.8:p1::::::
	cpe:2.3:a:zimbra:collaboration:8.8.8:p3::::::
	cpe:2.3:a:zimbra:collaboration:8.8.8:p4::::::
	cpe:2.3:a:zimbra:collaboration:8.8.8:p7::::::
	cpe:2.3:a:zimbra:collaboration:8.8.9:-::::::
	cpe:2.3:a:zimbra:collaboration:8.8.9:p1::::::
	cpe:2.3:a:zimbra:collaboration:8.8.9:p10::::::
	cpe:2.3:a:zimbra:collaboration:8.8.9:p3::::::
	cpe:2.3:a:zimbra:collaboration:8.8.10:-::::::
	cpe:2.3:a:zimbra:collaboration:8.8.10:p8::::::
	cpe:2.3:a:zimbra:collaboration:8.8.11:-::::::
	cpe:2.3:a:zimbra:collaboration:8.8.11:p3::::::
	cpe:2.3:a:zimbra:collaboration:8.8.11:p4::::::
	cpe:2.3:a:zimbra:collaboration:8.8.11:p5::::::
	cpe:2.3:a:zimbra:collaboration:8.8.12:-::::::
	cpe:2.3:a:zimbra:collaboration:8.8.12:p3::::::
	cpe:2.3:a:zimbra:collaboration:8.8.12:p4::::::
	cpe:2.3:a:zimbra:collaboration:8.8.15:-::::::
	cpe:2.3:a:zimbra:collaboration:8.8.15:p11::::::
	cpe:2.3:a:zimbra:collaboration:8.8.15:p26::::::
	cpe:2.3:a:zimbra:collaboration:8.8.15:p3::::::
	cpe:2.3:a:zimbra:collaboration:8.8.15:p30::::::
	cpe:2.3:a:zimbra:collaboration:8.8.15:p31::::::
	cpe:2.3:a:zimbra:collaboration:8.8.15:p32::::::
	cpe:2.3:a:zimbra:collaboration:8.8.15:p33::::::
	cpe:2.3:a:zimbra:collaboration:8.8.15:p34::::::
	cpe:2.3:a:zimbra:collaboration:8.8.15:p5::::::
	cpe:2.3:a:zimbra:collaboration:9.0.0:p0::::::
	cpe:2.3:a:zimbra:collaboration:9.0.0:p19::::::
	cpe:2.3:a:zimbra:collaboration:9.0.0:p23::::::
	cpe:2.3:a:zimbra:collaboration:9.0.0:p25::::::
	cpe:2.3:a:zimbra:collaboration:9.0.0:p26::::::
	cpe:2.3:a:zimbra:collaboration:9.0.0:p27::::::
	cpe:2.3:a:zimbra:collaboration:9.0.0:p4::::::
	cpe:2.3:a:zimbra:collaboration:9.0.0:p7::::::
	cpe:2.3:a:zimbra:collaboration:9.0.0:p7.1::::::

No data.

References

Link	Providers
https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis
https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/
https://github.com/rapid7/metasploit-framework/pull/16807

History

No history.

MITRE

Status: PUBLISHED

Assigner: rapid7

Published: 2022-08-16T20:00:19.211637Z

Updated: 2024-09-17T00:45:31.181Z

Reserved: 2022-08-02T00:00:00

Link: CVE-2022-37393

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-08-16T20:15:07.860

Modified: 2024-11-21T07:14:54.630

Link: CVE-2022-37393

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Zimbra Server", "vendor": "Synacor", "versions": [{"lessThanOrEqual": "9.0.0.p27", "status": "affected", "version": "9.0.0.p27", "versionType": "custom"}, {"lessThanOrEqual": "8.8.15.p34", "status": "affected", "version": "8.8.15.p34", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Darren Martyn discovered and disclosed this vulnerability"}], "datePublic": "2021-10-27T00:00:00", "descriptions": [{"lang": "en", "value": "Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root."}], "exploits": [{"lang": "en", "value": "Exploit originally published by the discoverer: https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-16T20:00:19", "orgId": "9974b330-7714-4307-a722-5648477acda7", "shortName": "rapid7"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/rapid7/metasploit-framework/pull/16807"}, {"tags": ["x_refsource_MISC"], "url": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis"}, {"tags": ["x_refsource_MISC"], "url": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"}], "source": {"discovery": "EXTERNAL"}, "title": "Zimbra zmslapd arbitrary module load", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@rapid7.com", "DATE_PUBLIC": "2021-10-27T21:00:00.000Z", "ID": "CVE-2022-37393", "STATE": "PUBLIC", "TITLE": "Zimbra zmslapd arbitrary module load"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Zimbra Server", "version": {"version_data": [{"version_affected": "<=", "version_name": "9.0.0.p27", "version_value": "9.0.0.p27"}, {"version_affected": "<=", "version_name": "8.8.15.p34", "version_value": "8.8.15.p34"}]}}]}, "vendor_name": "Synacor"}]}}, "credit": [{"lang": "eng", "value": "Darren Martyn discovered and disclosed this vulnerability"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root."}]}, "exploit": [{"lang": "en", "value": "Exploit originally published by the discoverer: https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"}], "generator": {"engine": "Vulnogram 0.0.9"}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-284 Improper Access Control"}]}]}, "references": {"reference_data": [{"name": "https://github.com/rapid7/metasploit-framework/pull/16807", "refsource": "MISC", "url": "https://github.com/rapid7/metasploit-framework/pull/16807"}, {"name": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis", "refsource": "MISC", "url": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis"}, {"name": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/", "refsource": "MISC", "url": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T10:29:21.022Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/rapid7/metasploit-framework/pull/16807"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"}]}]}, "cveMetadata": {"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7", "assignerShortName": "rapid7", "cveId": "CVE-2022-37393", "datePublished": "2022-08-16T20:00:19.211637Z", "dateReserved": "2022-08-02T00:00:00", "dateUpdated": "2024-09-17T00:45:31.181Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "144C9B35-9A82-4A47-82E3-0E0CA71E0C7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "01379F5C-0157-4880-913A-67729D63E970", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "AFD06515-D376-4788-A9E6-5531D08BFDD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "2C68411C-B094-4895-9AF9-C7FFA9479D0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:-:*:*:*:*:*:*", "matchCriteriaId": "C5D00519-8429-4C8F-A455-F5DD246D4009", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p1:*:*:*:*:*:*", "matchCriteriaId": "519F4C15-811A-4A76-A7F4-251E17DCA7B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p10:*:*:*:*:*:*", "matchCriteriaId": "B8961767-9B1D-4AF6-A014-9770FF925FE5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p11:*:*:*:*:*:*", "matchCriteriaId": "56736F6C-E472-4D81-A4DF-7B4D7D3F4232", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p12:*:*:*:*:*:*", "matchCriteriaId": "E7802EA0-016C-432B-9C57-BD75817CCA49", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p13:*:*:*:*:*:*", "matchCriteriaId": "45760766-95FA-485A-BB1F-76CC78D2BB47", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p14:*:*:*:*:*:*", "matchCriteriaId": "D5B0658C-9278-4078-8DB7-D4A693B4B5F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p15:*:*:*:*:*:*", "matchCriteriaId": "649EA6F7-1A0B-4B68-AD00-364F85734CF1", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p2:*:*:*:*:*:*", "matchCriteriaId": "1F9A281D-09CC-4AFA-9854-D6228C73271B", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p3:*:*:*:*:*:*", "matchCriteriaId": "508EC887-BD57-4CD8-B6FC-453212684641", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p4:*:*:*:*:*:*", "matchCriteriaId": "52FCDC0C-63C5-4105-872D-C8517DFFAD05", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p5:*:*:*:*:*:*", "matchCriteriaId": "FFA94BE6-031F-4279-95DA-D95A83CCE808", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p6:*:*:*:*:*:*", "matchCriteriaId": "7757D0F0-900A-4F36-8975-B493EBBD5977", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p7:*:*:*:*:*:*", "matchCriteriaId": "98483031-531D-44BA-95E5-FCE02768C8DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p8:*:*:*:*:*:*", "matchCriteriaId": "A1AC65E0-7DF7-43AD-A539-A62FB50B027C", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p9:*:*:*:*:*:*", "matchCriteriaId": "1E9306C5-E541-4CFB-9BF9-DF9CABE19A1A", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "F6DD0677-D894-47D9-8840-FCF2BEDB1DE7", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "43EDB16D-8825-456A-A904-BC22B4515CB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "70B8B9C4-7764-474A-B428-02ACF9B7796E", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "4EB754D1-ECD8-4F4E-8328-0A6D1D4484AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "C4C6CB7A-3FC1-4FD0-8529-9F9414615895", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "ACA92EF6-1745-4441-8C40-E8E646A3B5E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.8:-:*:*:*:*:*:*", "matchCriteriaId": "2948265E-41C3-420C-8EBB-06779B4159E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.8:p1:*:*:*:*:*:*", "matchCriteriaId": "C386097D-3717-4CE4-9A7D-D9F79349F962", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.8:p3:*:*:*:*:*:*", "matchCriteriaId": "B70BD874-A325-4573-97A6-B2960F8C3A3C", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.8:p4:*:*:*:*:*:*", "matchCriteriaId": "EEF3C967-F801-4DA4-A500-AC26CBD69095", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.8:p7:*:*:*:*:*:*", "matchCriteriaId": "A4AE8C84-EF5B-4720-8530-086FC4D6E2F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.9:-:*:*:*:*:*:*", "matchCriteriaId": "22FB2707-4CC0-4176-B91A-778E3CE4D67B", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.9:p1:*:*:*:*:*:*", "matchCriteriaId": "20F1987A-96A3-4CFD-B47A-C6E4D8A0D359", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.9:p10:*:*:*:*:*:*", "matchCriteriaId": "7E6E2A24-085D-48BE-A395-8C9EFB1DD00C", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.9:p3:*:*:*:*:*:*", "matchCriteriaId": "C9F5B9C5-2BD5-4205-8119-61F4E9E16141", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.10:-:*:*:*:*:*:*", "matchCriteriaId": "030FE87C-00C4-4187-ACA5-09DB7FED5E49", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.10:p8:*:*:*:*:*:*", "matchCriteriaId": "C073A50A-E2DC-4D9C-8F06-D569997817E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.11:-:*:*:*:*:*:*", "matchCriteriaId": "5328F774-1379-46A4-AB13-63202B9AA503", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.11:p3:*:*:*:*:*:*", "matchCriteriaId": "CFF73FAD-FCB2-4054-9544-39AEFBDCECC5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.11:p4:*:*:*:*:*:*", "matchCriteriaId": "2BD596FB-2B50-4D0A-B230-6862E6172D09", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.11:p5:*:*:*:*:*:*", "matchCriteriaId": "7E43D54E-A10C-4E05-B745-D12E6585E7F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.12:-:*:*:*:*:*:*", "matchCriteriaId": "A2B204A5-1E74-444B-B20C-3A36E43482EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.12:p3:*:*:*:*:*:*", "matchCriteriaId": "F7F04FB4-AE06-4863-A361-76DB91A12E7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.12:p4:*:*:*:*:*:*", "matchCriteriaId": "F5E0C63F-8DF3-49C5-83A6-6C7F6F1D8F46", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:-:*:*:*:*:*:*", "matchCriteriaId": "1B17C1A7-0F0A-4E7C-8C0C-0BBB0BF66C82", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p11:*:*:*:*:*:*", "matchCriteriaId": "AE8BD950-24A2-4AFF-B7EE-6EE115BD75D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p26:*:*:*:*:*:*", "matchCriteriaId": "6DD4641A-EC23-4B1A-8729-9AECD70390AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p3:*:*:*:*:*:*", "matchCriteriaId": "21768A61-7578-4EEC-A23B-FEC10CAA9EDF", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p30:*:*:*:*:*:*", "matchCriteriaId": "CA758408-4302-43BC-BDC9-1B70EC5D2FED", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p31:*:*:*:*:*:*", "matchCriteriaId": "822CDEBC-0650-4970-B46F-06F505993086", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p32:*:*:*:*:*:*", "matchCriteriaId": "971B5005-4676-4D93-A7DD-6AFDC8D0BEEB", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p33:*:*:*:*:*:*", "matchCriteriaId": "81BC6A7F-D014-44B3-9361-20DB256D3C8D", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p34:*:*:*:*:*:*", "matchCriteriaId": "6A3DC694-4CCC-4E9F-B6E9-891B1DF115C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p5:*:*:*:*:*:*", "matchCriteriaId": "0695D2E0-45B3-493C-BA6D-471B90C0ACC5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p0:*:*:*:*:*:*", "matchCriteriaId": "5E4DF01A-1AA9-47E8-82FD-65A02ECA1376", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p19:*:*:*:*:*:*", "matchCriteriaId": "B7A47276-F241-4A68-9458-E1481EBDC5E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p23:*:*:*:*:*:*", "matchCriteriaId": "B4CE2D12-AD31-4FED-AD0F-ADF64E92E1B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p25:*:*:*:*:*:*", "matchCriteriaId": "BC19F11D-23D9-429D-A957-D67F23A40A01", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p26:*:*:*:*:*:*", "matchCriteriaId": "AAFA2EE7-C965-4F27-8CAE-E607A9F202AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p27:*:*:*:*:*:*", "matchCriteriaId": "1D09DCF6-1C8F-4CA1-B7D4-AFDD4EB35771", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p4:*:*:*:*:*:*", "matchCriteriaId": "33F50D8C-7027-4A8D-8E95-98C224283772", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p7:*:*:*:*:*:*", "matchCriteriaId": "7215AE2C-8A33-4AB9-88D5-7C8CD11E806C", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p7.1:*:*:*:*:*:*", "matchCriteriaId": "8D859F77-8E39-4D46-BC90-C5C1D805A666", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root."}, {"lang": "es", "value": "La configuraci\u00f3n sudo de Zimbra permite al usuario zimbra ejecutar el binario zmslapd como root con par\u00e1metros arbitrarios. Como parte de su funcionalidad prevista, zmslapd puede cargar un archivo de configuraci\u00f3n definido por el usuario, que incluye plugins en forma de archivos .so, que tambi\u00e9n son ejecutadas como root."}], "id": "CVE-2022-37393", "lastModified": "2024-11-21T07:14:54.630", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-16T20:15:07.860", "references": [{"source": "cve@rapid7.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis"}, {"source": "cve@rapid7.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"}, {"source": "cve@rapid7.com", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://github.com/rapid7/metasploit-framework/pull/16807"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://github.com/rapid7/metasploit-framework/pull/16807"}], "sourceIdentifier": "cve@rapid7.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "cve@rapid7.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object