CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
AI Score
Confidence: High
EPSS
Percentile: 99.3%
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.
Recent assessments:
rbowes-r7 at July 18, 2022 4:55pm UTC reported:
While we focused on Zimbra in our analysis, there are almost certainly other targets for this vulnerability that we are not aware of yet.
Exploiting this against Zimbra is really bad - it can be done fairly quietly and it doesn't require direct access to the server, and can easily lead to root access to the server hosting users' email. This is super urgent to patch on Zimbra!
Assessed Attacker Value: 5
Assessed Attacker Value: 3
packetstormsecurity.com/files/167989/Zimbra-UnRAR-Path-Traversal.html
blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30333
github.com/aslitsecurity/Zimbra-CVE-2022-30333
lists.debian.org/debian-lts-announce/2023/08/msg00022.html
security.gentoo.org/glsa/202309-04
www.rarlab.com/rar/rarlinux-x32-612.tar.gz
www.rarlab.com/rar_add.htm