Lucene search
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.ZIMBRA_9_0_0_P27.NASLHistoryOct 13, 2022 - 12:00 a.m.
Zimbra Collaboration Server 9.0.0 < 9.0.0 Patch 27 Multiple Vulnerabilities
2022-10-1300:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
124
zimbra collaboration server
multiple vulnerabilities
arbitrary files upload
amavisd
incorrect access
user accounts
sudo configuration
zmslapd binary
information disclosure
xss
img element
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.955 High
EPSS
Percentile
99.4%
According to its self-reported version number, Zimbra Collaboration Server is affected by a multiple vulnerabilities:
including the following:
-
An attacker can upload arbitrary files through amavisd via a cpio loophole that can lead to incorrect access to any other user accounts. (CVE-2022-41352)
-
Zimbraβs sudo configuration permits the zimbra use to execute the zmslapd binary as root with arbitrary parameters. This includes plugins in the form of .so files specified in a user-defined configuration file. (CVE-2022-37393)
-
An information disclosure vulnerability due to an XSS in one of the attributes of an IMG element.
(CVE-2022-41348)
Note that Nessus has not tested for these issues but has instead relied only on the applicationβs self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(166097);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/03/08");
script_cve_id("CVE-2022-37393", "CVE-2022-41348", "CVE-2022-41352");
script_xref(name:"IAVA", value:"2022-A-0419-S");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/11/10");
script_name(english:"Zimbra Collaboration Server 9.0.0 < 9.0.0 Patch 27 Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"The remote web server contains a web application that is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version number, Zimbra Collaboration Server is affected by a multiple vulnerabilities:
including the following:
- An attacker can upload arbitrary files through amavisd via a cpio loophole that can lead to
incorrect access to any other user accounts. (CVE-2022-41352)
- Zimbra's sudo configuration permits the zimbra use to execute the zmslapd binary as root with
arbitrary parameters. This includes plugins in the form of .so files specified in a user-defined
configuration file. (CVE-2022-37393)
- An information disclosure vulnerability due to an XSS in one of the attributes of an IMG element.
(CVE-2022-41348)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P27");
script_set_attribute(attribute:"see_also", value:"https://wiki.zimbra.com/wiki/Security_Center");
script_set_attribute(attribute:"see_also", value:"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories");
script_set_attribute(attribute:"solution", value:
"Upgrade to version 9.0.0 Patch 27, or later.");
script_set_attribute(attribute:"agent", value:"unix");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-41352");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Zimbra zmslapd arbitrary module load');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/09/24");
script_set_attribute(attribute:"patch_publication_date", value:"2022/10/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/10/13");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/a:zimbra:collaboration_suite");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("zimbra_web_detect.nbin", "zimbra_nix_installed.nbin");
script_require_keys("installed_sw/zimbra_zcs");
exit(0);
}
include('vcf.inc');
include('vcf_extras.inc');
var app_info = vcf::zimbra::combined_get_app_info();
var constraints = [
{'min_version':'9.0', 'max_version':'9.0.0', 'fixed_display':'9.0.0 Patch 27', 'Patch':'27'}
];
vcf::zimbra::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_HOLE,
flags:{'xss':TRUE}
);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| zimbra | collaboration_suite | cpe:/a:zimbra:collaboration_suite |
Related
rapid7blog
rapid7blog
Exploitation of Unpatched Zero-Day Remote Code Execution Vulnerability in Zimbra Collaboration Suite (CVE-2022-41352)
2022-10-06 17:13:34
Metasploit Weekly Wrap-Up
2022-08-12 18:52:27
Metasploit Weekly Wrap-Up
2022-10-21 17:31:54
attackerkb
attackerkb
cve
cve
prion
prion
Information disclosure
2022-10-12 20:15:00
Design/Logic Flaw
2022-09-26 02:15:00
Design/Logic Flaw
2022-08-16 20:15:00
nessus
nessus
cnvd
cnvd
Zimbra Collaboration Suite Cross-Site Scripting Vulnerability
2022-10-14 00:00:00
Zimbra Collaboration Suite Remote Code Execution Vulnerability
2022-09-28 00:00:00
nvd
nvd
cvelist
cvelist
CVE-2022-41348
2022-10-12 00:00:00
CVE-2022-37393 Zimbra zmslapd arbitrary module load
2021-10-27 00:00:00
CVE-2022-41352
2022-09-26 00:00:00
osv
osv
thn
thn
Rorschach Ransomware Emerges: Experts Warn of Advanced Evasion Strategies
2023-04-04 13:16:00
Zimbra Releases Patch for Actively Exploited Vulnerability in its Collaboration Suite
2022-10-17 09:50:00
Hackers Exploiting Unpatched RCE Flaw in Zimbra Collaboration Suite
2022-10-08 07:50:00
metasploit
metasploit
Zimbra zmslapd arbitrary module load
2022-08-05 18:55:05
TAR Path Traversal in Zimbra (CVE-2022-41352)
2022-10-06 17:23:53
packetstorm
packetstorm
Zimbra zmslapd Privilege Escalation
2022-08-10 00:00:00
Zimbra Collaboration Suite TAR Path Traversal
2022-10-20 00:00:00
securelist
securelist
Advanced threat predictions for 2023
2022-11-14 08:00:24
Ongoing exploitation of CVE-2022-41352 (Zimbra 0-day)
2022-10-13 08:00:21
githubexploit
githubexploit
Exploit for Path Traversal in Zimbra Collaboration
2022-10-10 13:04:34
Exploit for Path Traversal in Zimbra Collaboration
2022-11-11 20:58:08
cisa_kev
cisa_kev
Zimbra Collaboration (ZCS) Arbitrary File Upload Vulnerability
2022-10-20 00:00:00
zdt
zdt
Zimbra zmslapd Privilege Escalation Exploit
2022-08-10 00:00:00
Zimbra Collaboration Suite TAR Path Traversal Exploit
2022-10-21 00:00:00
hivepro
hivepro
Zero-Day Remote Code Execution Vulnerability in Zimbra Collaboration Suite
2022-10-11 07:28:31
qualysblog
qualysblog
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.955 High
EPSS
Percentile
99.4%
Related for ZIMBRA_9_0_0_P27.NASL