{"containers": {"cna": {"affected": [{"product": "Zimbra Server", "vendor": "Synacor", "versions": [{"lessThanOrEqual": "9.0.0.p27", "status": "affected", "version": "9.0.0.p27", "versionType": "custom"}, {"lessThanOrEqual": "8.8.15.p34", "status": "affected", "version": "8.8.15.p34", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Darren Martyn discovered and disclosed this vulnerability"}], "datePublic": "2021-10-27T00:00:00", "descriptions": [{"lang": "en", "value": "Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root."}], "exploits": [{"lang": "en", "value": "Exploit originally published by the discoverer: https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-16T20:00:19", "orgId": "9974b330-7714-4307-a722-5648477acda7", "shortName": "rapid7"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/rapid7/metasploit-framework/pull/16807"}, {"tags": ["x_refsource_MISC"], "url": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis"}, {"tags": ["x_refsource_MISC"], "url": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"}], "source": {"discovery": "EXTERNAL"}, "title": "Zimbra zmslapd arbitrary module load", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@rapid7.com", "DATE_PUBLIC": "2021-10-27T21:00:00.000Z", "ID": "CVE-2022-37393", "STATE": "PUBLIC", "TITLE": "Zimbra zmslapd arbitrary module load"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Zimbra Server", "version": {"version_data": [{"version_affected": "<=", "version_name": "9.0.0.p27", "version_value": "9.0.0.p27"}, {"version_affected": "<=", "version_name": "8.8.15.p34", "version_value": "8.8.15.p34"}]}}]}, "vendor_name": "Synacor"}]}}, "credit": [{"lang": "eng", "value": "Darren Martyn discovered and disclosed this vulnerability"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root."}]}, "exploit": [{"lang": "en", "value": "Exploit originally published by the discoverer: https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"}], "generator": {"engine": "Vulnogram 0.0.9"}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-284 Improper Access Control"}]}]}, "references": {"reference_data": [{"name": "https://github.com/rapid7/metasploit-framework/pull/16807", "refsource": "MISC", "url": "https://github.com/rapid7/metasploit-framework/pull/16807"}, {"name": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis", "refsource": "MISC", "url": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis"}, {"name": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/", "refsource": "MISC", "url": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T10:29:21.022Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/rapid7/metasploit-framework/pull/16807"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"}]}]}, "cveMetadata": {"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7", "assignerShortName": "rapid7", "cveId": "CVE-2022-37393", "datePublished": "2022-08-16T20:00:19.211637Z", "dateReserved": "2022-08-02T00:00:00", "dateUpdated": "2024-09-17T00:45:31.181Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "144C9B35-9A82-4A47-82E3-0E0CA71E0C7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "01379F5C-0157-4880-913A-67729D63E970", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "AFD06515-D376-4788-A9E6-5531D08BFDD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "2C68411C-B094-4895-9AF9-C7FFA9479D0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:-:*:*:*:*:*:*", "matchCriteriaId": "C5D00519-8429-4C8F-A455-F5DD246D4009", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p1:*:*:*:*:*:*", "matchCriteriaId": "519F4C15-811A-4A76-A7F4-251E17DCA7B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p10:*:*:*:*:*:*", "matchCriteriaId": "B8961767-9B1D-4AF6-A014-9770FF925FE5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p11:*:*:*:*:*:*", "matchCriteriaId": "56736F6C-E472-4D81-A4DF-7B4D7D3F4232", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p12:*:*:*:*:*:*", "matchCriteriaId": "E7802EA0-016C-432B-9C57-BD75817CCA49", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p13:*:*:*:*:*:*", "matchCriteriaId": "45760766-95FA-485A-BB1F-76CC78D2BB47", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p14:*:*:*:*:*:*", "matchCriteriaId": "D5B0658C-9278-4078-8DB7-D4A693B4B5F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p15:*:*:*:*:*:*", "matchCriteriaId": "649EA6F7-1A0B-4B68-AD00-364F85734CF1", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p2:*:*:*:*:*:*", "matchCriteriaId": "1F9A281D-09CC-4AFA-9854-D6228C73271B", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p3:*:*:*:*:*:*", "matchCriteriaId": "508EC887-BD57-4CD8-B6FC-453212684641", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p4:*:*:*:*:*:*", "matchCriteriaId": "52FCDC0C-63C5-4105-872D-C8517DFFAD05", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p5:*:*:*:*:*:*", "matchCriteriaId": "FFA94BE6-031F-4279-95DA-D95A83CCE808", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p6:*:*:*:*:*:*", "matchCriteriaId": "7757D0F0-900A-4F36-8975-B493EBBD5977", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p7:*:*:*:*:*:*", "matchCriteriaId": "98483031-531D-44BA-95E5-FCE02768C8DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p8:*:*:*:*:*:*", "matchCriteriaId": "A1AC65E0-7DF7-43AD-A539-A62FB50B027C", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p9:*:*:*:*:*:*", "matchCriteriaId": "1E9306C5-E541-4CFB-9BF9-DF9CABE19A1A", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "F6DD0677-D894-47D9-8840-FCF2BEDB1DE7", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "43EDB16D-8825-456A-A904-BC22B4515CB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "70B8B9C4-7764-474A-B428-02ACF9B7796E", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "4EB754D1-ECD8-4F4E-8328-0A6D1D4484AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "C4C6CB7A-3FC1-4FD0-8529-9F9414615895", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "ACA92EF6-1745-4441-8C40-E8E646A3B5E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.8:-:*:*:*:*:*:*", "matchCriteriaId": "2948265E-41C3-420C-8EBB-06779B4159E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.8:p1:*:*:*:*:*:*", "matchCriteriaId": "C386097D-3717-4CE4-9A7D-D9F79349F962", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.8:p3:*:*:*:*:*:*", "matchCriteriaId": "B70BD874-A325-4573-97A6-B2960F8C3A3C", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.8:p4:*:*:*:*:*:*", "matchCriteriaId": "EEF3C967-F801-4DA4-A500-AC26CBD69095", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.8:p7:*:*:*:*:*:*", "matchCriteriaId": "A4AE8C84-EF5B-4720-8530-086FC4D6E2F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.9:-:*:*:*:*:*:*", "matchCriteriaId": "22FB2707-4CC0-4176-B91A-778E3CE4D67B", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.9:p1:*:*:*:*:*:*", "matchCriteriaId": "20F1987A-96A3-4CFD-B47A-C6E4D8A0D359", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.9:p10:*:*:*:*:*:*", "matchCriteriaId": "7E6E2A24-085D-48BE-A395-8C9EFB1DD00C", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.9:p3:*:*:*:*:*:*", "matchCriteriaId": "C9F5B9C5-2BD5-4205-8119-61F4E9E16141", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.10:-:*:*:*:*:*:*", "matchCriteriaId": "030FE87C-00C4-4187-ACA5-09DB7FED5E49", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.10:p8:*:*:*:*:*:*", "matchCriteriaId": "C073A50A-E2DC-4D9C-8F06-D569997817E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.11:-:*:*:*:*:*:*", "matchCriteriaId": "5328F774-1379-46A4-AB13-63202B9AA503", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.11:p3:*:*:*:*:*:*", "matchCriteriaId": "CFF73FAD-FCB2-4054-9544-39AEFBDCECC5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.11:p4:*:*:*:*:*:*", "matchCriteriaId": "2BD596FB-2B50-4D0A-B230-6862E6172D09", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.11:p5:*:*:*:*:*:*", "matchCriteriaId": "7E43D54E-A10C-4E05-B745-D12E6585E7F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.12:-:*:*:*:*:*:*", "matchCriteriaId": "A2B204A5-1E74-444B-B20C-3A36E43482EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.12:p3:*:*:*:*:*:*", "matchCriteriaId": "F7F04FB4-AE06-4863-A361-76DB91A12E7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.12:p4:*:*:*:*:*:*", "matchCriteriaId": "F5E0C63F-8DF3-49C5-83A6-6C7F6F1D8F46", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:-:*:*:*:*:*:*", "matchCriteriaId": "1B17C1A7-0F0A-4E7C-8C0C-0BBB0BF66C82", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p11:*:*:*:*:*:*", "matchCriteriaId": "AE8BD950-24A2-4AFF-B7EE-6EE115BD75D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p26:*:*:*:*:*:*", "matchCriteriaId": "6DD4641A-EC23-4B1A-8729-9AECD70390AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p3:*:*:*:*:*:*", "matchCriteriaId": "21768A61-7578-4EEC-A23B-FEC10CAA9EDF", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p30:*:*:*:*:*:*", "matchCriteriaId": "CA758408-4302-43BC-BDC9-1B70EC5D2FED", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p31:*:*:*:*:*:*", "matchCriteriaId": "822CDEBC-0650-4970-B46F-06F505993086", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p32:*:*:*:*:*:*", "matchCriteriaId": "971B5005-4676-4D93-A7DD-6AFDC8D0BEEB", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p33:*:*:*:*:*:*", "matchCriteriaId": "81BC6A7F-D014-44B3-9361-20DB256D3C8D", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p34:*:*:*:*:*:*", "matchCriteriaId": "6A3DC694-4CCC-4E9F-B6E9-891B1DF115C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p5:*:*:*:*:*:*", "matchCriteriaId": "0695D2E0-45B3-493C-BA6D-471B90C0ACC5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p0:*:*:*:*:*:*", "matchCriteriaId": "5E4DF01A-1AA9-47E8-82FD-65A02ECA1376", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p19:*:*:*:*:*:*", "matchCriteriaId": "B7A47276-F241-4A68-9458-E1481EBDC5E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p23:*:*:*:*:*:*", "matchCriteriaId": "B4CE2D12-AD31-4FED-AD0F-ADF64E92E1B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p25:*:*:*:*:*:*", "matchCriteriaId": "BC19F11D-23D9-429D-A957-D67F23A40A01", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p26:*:*:*:*:*:*", "matchCriteriaId": "AAFA2EE7-C965-4F27-8CAE-E607A9F202AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p27:*:*:*:*:*:*", "matchCriteriaId": "1D09DCF6-1C8F-4CA1-B7D4-AFDD4EB35771", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p4:*:*:*:*:*:*", "matchCriteriaId": "33F50D8C-7027-4A8D-8E95-98C224283772", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p7:*:*:*:*:*:*", "matchCriteriaId": "7215AE2C-8A33-4AB9-88D5-7C8CD11E806C", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p7.1:*:*:*:*:*:*", "matchCriteriaId": "8D859F77-8E39-4D46-BC90-C5C1D805A666", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root."}, {"lang": "es", "value": "La configuraci\u00f3n sudo de Zimbra permite al usuario zimbra ejecutar el binario zmslapd como root con par\u00e1metros arbitrarios. Como parte de su funcionalidad prevista, zmslapd puede cargar un archivo de configuraci\u00f3n definido por el usuario, que incluye plugins en forma de archivos .so, que tambi\u00e9n son ejecutadas como root."}], "id": "CVE-2022-37393", "lastModified": "2024-11-21T07:14:54.630", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-16T20:15:07.860", "references": [{"source": "cve@rapid7.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis"}, {"source": "cve@rapid7.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"}, {"source": "cve@rapid7.com", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://github.com/rapid7/metasploit-framework/pull/16807"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://github.com/rapid7/metasploit-framework/pull/16807"}], "sourceIdentifier": "cve@rapid7.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "cve@rapid7.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}