CVE-2022-37393

{"id": "CVE-2022-37393", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2022-08-16T20:15:07.860", "references": [{"url": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@rapid7.com"}, {"url": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@rapid7.com"}, {"url": "https://github.com/rapid7/metasploit-framework/pull/16807", "tags": ["Exploit", "Patch", "Third Party Advisory"], "source": "cve@rapid7.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "cve@rapid7.com", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root."}, {"lang": "es", "value": "La configuraci\u00f3n sudo de Zimbra permite al usuario zimbra ejecutar el binario zmslapd como root con par\u00e1metros arbitrarios. Como parte de su funcionalidad prevista, zmslapd puede cargar un archivo de configuraci\u00f3n definido por el usuario, que incluye plugins en forma de archivos .so, que tambi\u00e9n son ejecutadas como root."}], "lastModified": "2022-08-18T17:12:32.487", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "144C9B35-9A82-4A47-82E3-0E0CA71E0C7A"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01379F5C-0157-4880-913A-67729D63E970"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFD06515-D376-4788-A9E6-5531D08BFDD6"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C68411C-B094-4895-9AF9-C7FFA9479D0E"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5D00519-8429-4C8F-A455-F5DD246D4009"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "519F4C15-811A-4A76-A7F4-251E17DCA7B0"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8961767-9B1D-4AF6-A014-9770FF925FE5"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56736F6C-E472-4D81-A4DF-7B4D7D3F4232"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p12:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7802EA0-016C-432B-9C57-BD75817CCA49"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p13:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45760766-95FA-485A-BB1F-76CC78D2BB47"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p14:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5B0658C-9278-4078-8DB7-D4A693B4B5F3"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p15:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "649EA6F7-1A0B-4B68-AD00-364F85734CF1"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F9A281D-09CC-4AFA-9854-D6228C73271B"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "508EC887-BD57-4CD8-B6FC-453212684641"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52FCDC0C-63C5-4105-872D-C8517DFFAD05"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FFA94BE6-031F-4279-95DA-D95A83CCE808"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7757D0F0-900A-4F36-8975-B493EBBD5977"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98483031-531D-44BA-95E5-FCE02768C8DB"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1AC65E0-7DF7-43AD-A539-A62FB50B027C"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E9306C5-E541-4CFB-9BF9-DF9CABE19A1A"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6DD0677-D894-47D9-8840-FCF2BEDB1DE7"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43EDB16D-8825-456A-A904-BC22B4515CB1"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70B8B9C4-7764-474A-B428-02ACF9B7796E"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4EB754D1-ECD8-4F4E-8328-0A6D1D4484AC"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4C6CB7A-3FC1-4FD0-8529-9F9414615895"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ACA92EF6-1745-4441-8C40-E8E646A3B5E0"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.8:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2948265E-41C3-420C-8EBB-06779B4159E7"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.8:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C386097D-3717-4CE4-9A7D-D9F79349F962"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.8:p3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B70BD874-A325-4573-97A6-B2960F8C3A3C"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.8:p4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EEF3C967-F801-4DA4-A500-AC26CBD69095"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.8:p7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4AE8C84-EF5B-4720-8530-086FC4D6E2F5"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.9:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22FB2707-4CC0-4176-B91A-778E3CE4D67B"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.9:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20F1987A-96A3-4CFD-B47A-C6E4D8A0D359"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.9:p10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E6E2A24-085D-48BE-A395-8C9EFB1DD00C"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.9:p3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9F5B9C5-2BD5-4205-8119-61F4E9E16141"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.10:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "030FE87C-00C4-4187-ACA5-09DB7FED5E49"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.10:p8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C073A50A-E2DC-4D9C-8F06-D569997817E2"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.11:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5328F774-1379-46A4-AB13-63202B9AA503"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.11:p3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CFF73FAD-FCB2-4054-9544-39AEFBDCECC5"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.11:p4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BD596FB-2B50-4D0A-B230-6862E6172D09"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.11:p5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E43D54E-A10C-4E05-B745-D12E6585E7F0"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.12:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2B204A5-1E74-444B-B20C-3A36E43482EE"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.12:p3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F7F04FB4-AE06-4863-A361-76DB91A12E7F"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.12:p4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5E0C63F-8DF3-49C5-83A6-6C7F6F1D8F46"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B17C1A7-0F0A-4E7C-8C0C-0BBB0BF66C82"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE8BD950-24A2-4AFF-B7EE-6EE115BD75D6"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p26:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DD4641A-EC23-4B1A-8729-9AECD70390AF"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21768A61-7578-4EEC-A23B-FEC10CAA9EDF"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p30:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA758408-4302-43BC-BDC9-1B70EC5D2FED"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p31:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "822CDEBC-0650-4970-B46F-06F505993086"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p32:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "971B5005-4676-4D93-A7DD-6AFDC8D0BEEB"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p33:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81BC6A7F-D014-44B3-9361-20DB256D3C8D"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p34:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A3DC694-4CCC-4E9F-B6E9-891B1DF115C8"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0695D2E0-45B3-493C-BA6D-471B90C0ACC5"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p0:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E4DF01A-1AA9-47E8-82FD-65A02ECA1376"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p19:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7A47276-F241-4A68-9458-E1481EBDC5E6"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p23:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4CE2D12-AD31-4FED-AD0F-ADF64E92E1B1"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p25:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC19F11D-23D9-429D-A957-D67F23A40A01"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p26:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AAFA2EE7-C965-4F27-8CAE-E607A9F202AD"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p27:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D09DCF6-1C8F-4CA1-B7D4-AFDD4EB35771"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33F50D8C-7027-4A8D-8E95-98C224283772"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7215AE2C-8A33-4AB9-88D5-7C8CD11E806C"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p7.1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D859F77-8E39-4D46-BC90-C5C1D805A666"}], "operator": "OR"}]}], "sourceIdentifier": "cve@rapid7.com"}