Zimbra ZCS - Remote Code Execution (CVE-2022-27925, CVE-2022-37042)
- CVSSv3 Score
- Exploitable with Sniper
- Vulnerability description
Zimbra is affected by Authentication Bypass and Arbitrary File Upload vulnerabilities that can lead to a Directory Traversal attack, in which an attacker can upload a ZIP archive that contains a webshell file. The root cause of these vulnerabilities is in the mboximport functionality. Although this was initially marked as an authenticated vulnerability, where an administrative session is required to upload the ZIP file, an authentication bypass was found later that moved the overall vulnerability to an unauthenticated remote code execution. Versions affected are 8.8.15 and 9.0.
- Exploit capabilities
Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.
- Risk description
The risk exists that a remote unauthenticated attacker can fully compromise the Zimbra server to steal confidential information, install ransomware, or pivot to the internal network.
Upgrade the Zimbra server to the latest version.
- Detectable with
- Network Scanner
- Vuln date
- Apr 2022
- Published at
- Updated at
- Software Type
- Email server
- Zimbra Collaboration Software
- Not available