CVE-2022-3569

HIGH

Zimbra Collaboration Suite <9.0.0 - Privilege Escalation

Title source: llm

Description

Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively coerce postfix into running arbitrary commands as 'root'.

Exploits (1)

metasploit WORKING POC EXCELLENT
by EvergreenCartoons, Ron Bowes · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/zimbra_postfix_priv_esc.rb

Scores

CVSS v3 7.8
EPSS 0.0284
EPSS Percentile 86.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-271
Status published
Products (1)
synacor/zimbra_collaboration_suite < 9.0.0
Published Oct 17, 2022
Tracked Since Feb 18, 2026