
Zimbra ZCS - Remote Code Execution (CVE-2022-27925, CVE-2022-37042)

Severity: CVSSv3 score 9.8
Vulnerability description

Zimbra is affected by an Authentication Bypass vulnerability and an Arbitrary File Upload vulnerability that together enable a Directory Traversal attack, in which an attacker uploads a ZIP archive containing a webshell file. The root cause of these vulnerabilities lies in the mboximport functionality. Although this was initially marked as an authenticated vulnerability, requiring an administrative session to upload the ZIP file, an authentication bypass was found later that turns the overall issue into unauthenticated remote code execution. Affected versions are 8.8.15 and 9.0.
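The root cause described above is an import routine that extracts archive members without checking where their names resolve. As an added example (not Pentest-Tools.com's or Zimbra's code), the following check rejects ZIP members that would be written outside the intended import directory, which is the validation the vulnerable mboximport path lacked. The destination directory and the sample archives are constructed assumptions.

```python
import io
import posixpath
import zipfile

# Assumed import directory; the real path depends on the deployment.
IMPORT_DIR = "/var/opt/import"


def find_unsafe_entries(zip_bytes, dest_dir=IMPORT_DIR):
    """Return the names of ZIP members that would land outside dest_dir.

    A member is unsafe if it is absolute, carries a drive prefix, or
    resolves (after normalising '.' and '..' components) to a path that
    is not underneath dest_dir. Backslashes are treated as separators so
    that Windows-style traversal is caught as well.
    """
    unsafe = []
    dest = posixpath.normpath(dest_dir)
    prefix = dest.rstrip("/") + "/"
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename.replace("\\", "/")
            if name.startswith("/") or ":" in name.split("/")[0]:
                unsafe.append(info.filename)
                continue
            target = posixpath.normpath(posixpath.join(dest, name))
            if target != dest and not target.startswith(prefix):
                unsafe.append(info.filename)
    return unsafe


def build_zip(members):
    """Build an in-memory ZIP from a {name: bytes} mapping (constructed data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples: a benign mailbox export, and one whose member name
# climbs out of the import directory and must be refused before extraction.
BENIGN_ZIP = build_zip({"mailbox/Inbox/1.eml": b"From: a@example.test\r\n"})
TRAVERSAL_ZIP = build_zip({"mailbox/ok.eml": b"x", "../../escaped.txt": b"x"})

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_ZIP), ("traversal", TRAVERSAL_ZIP)):
        print(label, "unsafe members:", find_unsafe_entries(blob))
```

An importer should call the check on the whole archive and abort before writing any member, since extracting the safe members first and failing later still leaves partial writes on disk.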

Risk description

The risk exists that a remote unauthenticated attacker can fully compromise the Zimbra server to steal confidential information, install ransomware, or pivot to the internal network.

Exploit capabilities

Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.

Recommendation

Upgrade the Zimbra server to the latest version.

Codename: Not available
Detectable with: Network Scanner
Exploitable with Sniper: Yes
Vuln date: Apr 2022
Published at:
Updated at:
Software Type: Email server
Vendor: Synacor
Product: Zimbra Collaboration Software