CVE-2024-27442

HIGH

Zimbra Collaboration 9.0-10.0 - Privilege Escalation

Title source: llm

Description

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The zmmailboxdmgr binary, a component of ZCS, is intended to be executed by the zimbra user with root privileges for specific mailbox operations. However, an attacker can escalate privileges from the zimbra user to root, because of improper handling of input arguments. An attacker can execute arbitrary commands with elevated privileges, leading to local privilege escalation.

References (2)

Scores

CVSS v3 7.8
EPSS 0.0004
EPSS Percentile 10.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-755 CWE-269
Status published

Affected Products (38)

zimbra/collaboration < 10.0.7
zimbra/collaboration
zimbra/collaboration
zimbra/collaboration
zimbra/collaboration
zimbra/collaboration
zimbra/collaboration
zimbra/collaboration
zimbra/collaboration
zimbra/collaboration
zimbra/collaboration
zimbra/collaboration
zimbra/collaboration
zimbra/collaboration
zimbra/collaboration
... and 23 more

Timeline

Published Aug 12, 2024
Tracked Since Feb 18, 2026