This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.ZIMBRA_8_8_15_P34.NASLZimbra Collaboration Server 8.8.15 < 8.8.15 Patch 34 Multiple Vulnerabilities
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.955 High
EPSS
Percentile
99.4%
According to its self-reported version number, Zimbra Collaboration Server is affected by a multiple vulnerabilities:
including the following:
-
An attacker can upload arbitrary files through amavisd via a cpio loophole that can lead to incorrect access to any other user accounts. (CVE-2022-41352)
-
Zimbraβs sudo configuration permits the zimbra use to execute the zmslapd binary as root with arbitrary parameters. This includes plugins in the form of .so files specified in a user-defined configuration file. (CVE-2022-37393)
-
An information disclosure vulnerability due to an XSS attributes in the clsearch, compose and calendar components of webmail. (CVE-2022-41349. CVE-2022-41350, CVE-2022-41351)
Note that Nessus has not tested for these issues but has instead relied only on the applicationβs self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(166098);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/03/08");
script_cve_id(
"CVE-2022-37393",
"CVE-2022-41349",
"CVE-2022-41350",
"CVE-2022-41351",
"CVE-2022-41352"
);
script_xref(name:"IAVA", value:"2022-A-0419-S");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/11/10");
script_name(english:"Zimbra Collaboration Server 8.8.15 < 8.8.15 Patch 34 Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"The remote web server contains a web application that is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version number, Zimbra Collaboration Server is affected by a multiple vulnerabilities:
including the following:
- An attacker can upload arbitrary files through amavisd via a cpio loophole that can lead to
incorrect access to any other user accounts. (CVE-2022-41352)
- Zimbra's sudo configuration permits the zimbra use to execute the zmslapd binary as root with
arbitrary parameters. This includes plugins in the form of .so files specified in a user-defined
configuration file. (CVE-2022-37393)
- An information disclosure vulnerability due to an XSS attributes in the clsearch, compose and calendar
components of webmail. (CVE-2022-41349. CVE-2022-41350, CVE-2022-41351)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P34");
script_set_attribute(attribute:"see_also", value:"https://wiki.zimbra.com/wiki/Security_Center");
script_set_attribute(attribute:"see_also", value:"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories");
script_set_attribute(attribute:"solution", value:
"Upgrade to version 8.8.15 Patch 34, or later.");
script_set_attribute(attribute:"agent", value:"unix");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-41352");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Zimbra zmslapd arbitrary module load');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/09/24");
script_set_attribute(attribute:"patch_publication_date", value:"2022/10/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/10/13");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/a:zimbra:collaboration_suite");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("zimbra_web_detect.nbin", "zimbra_nix_installed.nbin");
script_require_keys("installed_sw/zimbra_zcs");
exit(0);
}
include('vcf.inc');
include('vcf_extras.inc');
var app_info = vcf::zimbra::combined_get_app_info();
var constraints = [
{'min_version':'8.8.15', 'max_version':'8.8.15', 'fixed_display':'8.8.15 Patch 34', 'Patch':'34'}
];
vcf::zimbra::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_HOLE,
flags:{'xss':TRUE}
);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| zimbra | collaboration_suite | cpe:/a:zimbra:collaboration_suite |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37393
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41349
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41350
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41351
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41352
wiki.zimbra.com/wiki/Security_Center
wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P34
wiki.zimbra.com/wiki/Zimbra_Security_Advisories
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.955 High
EPSS
Percentile
99.4%