Zimbra ZCS - Remote Code Execution (CVE-2022-27925, CVE-2022-37042)
- Severity
- CVSSv3 Score
- 9.8
- Vulnerability description
Zimbra is affected by an Authentication Bypass and an Arbitrary File Upload vulnerability that together enable a Directory Traversal attack, in which an attacker can upload a ZIP archive containing a webshell file. The root cause of these vulnerabilities is in the mboximport functionality. Although this was initially marked as an authenticated vulnerability, requiring an administrative session to upload the ZIP file, an authentication bypass was found later that turned the overall issue into an unauthenticated remote code execution. Versions affected are 8.8.15 and 9.0.
- Risk description
The risk exists that a remote unauthenticated attacker can fully compromise the Zimbra server to steal confidential information, install ransomware, or pivot to the internal network.
- Exploit capabilities
Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.
- Recommendation
Upgrade the Zimbra server to the latest version.
- Codename
- Not available
- Detectable with
- Network Scanner
- Exploitable with Sniper
- Yes
- Vuln date
- Apr 2022
- Published at
- Updated at
- Software Type
- Email server
- Vendor
- Synacor
- Product
- Zimbra Collaboration Software