CVE-2022-41352
CRITICAL KEV RANSOMWARE NUCLEI
Zimbra Collaboration <9.0 - Privilege Escalation
Title source: llm
Description
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavis automatically prefers it over cpio.
Exploits (4)
nomisec
WORKING POC
105 stars
by Cr4ckC4t · poc
https://github.com/Cr4ckC4t/cve-2022-41352-zimbra-rce
nomisec
WORKING POC
8 stars
by segfault-it · client-side
https://github.com/segfault-it/cve-2022-41352
Nuclei Templates (1)
Zimbra Collaboration - Unrestricted File Upload
CRITICAL
by rxerium
Shodan:
http.favicon.hash:"1624375939" || http.html:"Zimbra Collaboration Suite Web Client"
FOFA:
icon_hash="1624375939"
References (6)
Scores
CVSS v3
9.8
EPSS
0.9396
EPSS Percentile
99.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CISA KEV
2022-10-20
VulnCheck KEV
2022-10-20
InTheWild.io
2022-10-06
ENISA EUVD
EUVD-2022-44557
Ransomware Use
Confirmed
CWE
CWE-22
Status
published
Products (2)
synacor/zimbra_collaboration_suite
9.0.0 (28 CPE variants)
synacor/zimbra_collaboration_suite
8.8.15 (22 CPE variants)
Published
Sep 26, 2022
KEV Added
Oct 20, 2022
Tracked Since
Feb 18, 2026