CVE-2022-37393

HIGH

Zimbra zmslapd arbitrary module load

Title source: metasploit

Description

Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.

Exploits (1)

metasploit WORKING POC EXCELLENT

by Darren Martyn, Ron Bowes · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/zimbra_slapper_priv_esc.rb

View Code ZIP pw:eip

References (3)

[Exploit, Patch, Third Party Advisory] https://github.com/rapid7/metasploit-framework/pull/16807

[Exploit, Third Party Advisory] https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis

[Exploit, Third Party Advisory] https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/

Scores

CVSS v3 7.8

EPSS 0.0512

EPSS Percentile 89.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-284

Status published

Products (17)

zimbra/collaboration 8.7.6

zimbra/collaboration 8.7.7

zimbra/collaboration 8.7.9

zimbra/collaboration 8.7.10

zimbra/collaboration 8.7.11 (16 CPE variants)

zimbra/collaboration 8.8.0 beta1

zimbra/collaboration 8.8.2

zimbra/collaboration 8.8.3

zimbra/collaboration 8.8.4

zimbra/collaboration 8.8.6

... and 7 more

Published Aug 16, 2022

Tracked Since Feb 18, 2026