CVE-2022-37393

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-37393
Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis Exploit Third Party Advisory
https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/ Exploit Third Party Advisory
https://github.com/rapid7/metasploit-framework/pull/16807 Exploit Patch Third Party Advisory
https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis Exploit Third Party Advisory
https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/ Exploit Third Party Advisory
https://github.com/rapid7/metasploit-framework/pull/16807 Exploit Patch Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:zimbra:collaboration:8.7.6:*:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.7.7:*:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.7.9:*:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.7.10:*:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.7.11:-:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.7.11:p1:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.7.11:p10:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.7.11:p11:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.7.11:p12:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.7.11:p13:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.7.11:p14:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.7.11:p15:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.7.11:p2:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.7.11:p3:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.7.11:p4:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.7.11:p5:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.7.11:p6:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.7.11:p7:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.7.11:p8:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.7.11:p9:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.0:beta1:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.2:*:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.3:*:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.4:*:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.6:*:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.7:*:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.8:-:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.8:p1:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.8:p3:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.8:p4:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.8:p7:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.9:-:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.9:p1:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.9:p10:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.9:p3:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.10:-:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.10:p8:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.11:-:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.11:p3:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.11:p4:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.11:p5:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.12:-:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.12:p3:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.12:p4:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.15:-:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.15:p11:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.15:p26:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.15:p3:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.15:p30:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.15:p31:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.15:p32:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.15:p33:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.15:p34:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:8.8.15:p5:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:9.0.0:p0:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:9.0.0:p19:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:9.0.0:p23:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:9.0.0:p25:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:9.0.0:p26:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:9.0.0:p27:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:9.0.0:p4:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:9.0.0:p7:*:*:*:*:*:*
cpe:2.3:a:zimbra:collaboration:9.0.0:p7.1:*:*:*:*:*:*
History

21 Nov 2024, 07:14

Type Values Removed Values Added
References () https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis - Exploit, Third Party Advisory () https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis - Exploit, Third Party Advisory
References () https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/ - Exploit, Third Party Advisory () https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/ - Exploit, Third Party Advisory
References () https://github.com/rapid7/metasploit-framework/pull/16807 - Exploit, Patch, Third Party Advisory () https://github.com/rapid7/metasploit-framework/pull/16807 - Exploit, Patch, Third Party Advisory
Information

Published : 2022-08-16 20:15

Updated : 2024-11-21 07:14

NVD link : CVE-2022-37393

Mitre link : CVE-2022-37393

CVE.ORG link : CVE-2022-37393

JSON object : View

Products Affected

zimbra

  • collaboration
CWE
CWE-284

Improper Access Control

NVD-CWE-noinfo