OpenCVE

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavis automatically prefers it over cpio.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Zimbra	Collaboration

Configuration 1 [-]

OR	cpe:2.3:a:zimbra:collaboration:8.8.15:-::::::
	cpe:2.3:a:zimbra:collaboration:9.0.0:-::::::

No data.

References

Link	Providers
http://packetstormsecurity.com/files/169458/Zimbra-Collaboration-Suite-TAR-Path-Traversal.html
https://forums.zimbra.org/viewtopic.php?t=71153&p=306532
https://wiki.zimbra.com/wiki/Security_Center
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
https://www.secpod.com/blog/unpatched-rce-bug-in-zimbra-collaboration-suite-exploited-in-wild/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-09-26T00:00:00

Updated: 2024-08-03T12:42:46.297Z

Reserved: 2022-09-26T00:00:00

Link: CVE-2022-41352

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-09-26T02:15:10.733

Modified: 2024-11-21T07:23:06.257

Link: CVE-2022-41352

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-41352", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-03T12:42:46.297Z", "dateReserved": "2022-09-26T00:00:00", "datePublished": "2022-09-26T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-10-09T23:19:12.543648"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavis automatically prefers it over cpio."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"}, {"url": "https://wiki.zimbra.com/wiki/Security_Center"}, {"url": "https://forums.zimbra.org/viewtopic.php?t=71153&p=306532"}, {"url": "http://packetstormsecurity.com/files/169458/Zimbra-Collaboration-Suite-TAR-Path-Traversal.html"}, {"url": "https://www.secpod.com/blog/unpatched-rce-bug-in-zimbra-collaboration-suite-exploited-in-wild/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:42:46.297Z"}, "title": "CVE Program Container", "references": [{"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", "tags": ["x_transferred"]}, {"url": "https://wiki.zimbra.com/wiki/Security_Center", "tags": ["x_transferred"]}, {"url": "https://forums.zimbra.org/viewtopic.php?t=71153&p=306532", "tags": ["x_transferred"]}, {"url": "http://packetstormsecurity.com/files/169458/Zimbra-Collaboration-Suite-TAR-Path-Traversal.html", "tags": ["x_transferred"]}, {"url": "https://www.secpod.com/blog/unpatched-rce-bug-in-zimbra-collaboration-suite-exploited-in-wild/", "tags": ["x_transferred"]}]}]}}

{"cisaActionDue": "2022-11-10", "cisaExploitAdd": "2022-10-20", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Zimbra Collaboration (ZCS) Arbitrary File Upload Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:-:*:*:*:*:*:*", "matchCriteriaId": "1B17C1A7-0F0A-4E7C-8C0C-0BBB0BF66C82", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:-:*:*:*:*:*:*", "matchCriteriaId": "685D9652-2934-4C13-8B36-40582C79BFC1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavis automatically prefers it over cpio."}, {"lang": "es", "value": "Se ha detectado un problema en Zimbra Collaboration (ZCS) versiones 8.8.15 y 9.0. Un atacante puede descargar archivos arbitrarios mediante amavisd por medio de un loophole de cpio (extracci\u00f3n a /opt/zimbra/jetty/webapps/zimbra/public) que puede conllevar a un acceso incorrecto a cualquier otra cuenta de usuario. Zimbra recomienda pax sobre cpio. Adem\u00e1s, pax est\u00e1 en los prerrequisitos de Zimbra en Ubuntu; sin embargo, pax ya no forma parte de una instalaci\u00f3n por defecto de Red Hat despu\u00e9s de RHEL 6 (o CentOS 6). Una vez instalado pax, amavisd lo prefiere autom\u00e1ticamente sobre cpio.\n\n"}], "id": "CVE-2022-41352", "lastModified": "2024-11-21T07:23:06.257", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-26T02:15:10.733", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/169458/Zimbra-Collaboration-Suite-TAR-Path-Traversal.html"}, {"source": "cve@mitre.org", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://forums.zimbra.org/viewtopic.php?t=71153&p=306532"}, {"source": "cve@mitre.org", "tags": ["Patch", "Release Notes", "Vendor Advisory"], "url": "https://wiki.zimbra.com/wiki/Security_Center"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.secpod.com/blog/unpatched-rce-bug-in-zimbra-collaboration-suite-exploited-in-wild/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/169458/Zimbra-Collaboration-Suite-TAR-Path-Traversal.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://forums.zimbra.org/viewtopic.php?t=71153&p=306532"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Release Notes", "Vendor Advisory"], "url": "https://wiki.zimbra.com/wiki/Security_Center"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.secpod.com/blog/unpatched-rce-bug-in-zimbra-collaboration-suite-exploited-in-wild/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}