CVE-2022-41347

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.x and 9.x (e.g., 8.8.15). The Sudo configuration permits the zimbra user to execute the NGINX binary as root with arbitrary parameters. As part of its intended functionality, NGINX can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://darrenmartyn.ie/2021/10/25/zimbra-nginx-local-root-exploit/	Exploit Third Party Advisory
https://github.com/darrenmartyn/zimbra-hinginx	Third Party Advisory
https://wiki.zimbra.com/wiki/Security_Center	Patch Vendor Advisory
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:zimbra:collaboration:8.8.15:-::::::
	cpe:2.3:a:zimbra:collaboration:9.0.0:-::::::

History

No history.

Information

Published : 2022-09-26 02:15

Updated : 2022-09-28 17:04

NVD link : CVE-2022-41347

Mitre link : CVE-2022-41347

CVE.ORG link : CVE-2022-41347

JSON object : View

Products Affected

zimbra

collaboration

CWE

NVD-CWE-noinfo

{"id": "CVE-2022-41347", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2022-09-26T02:15:10.620", "references": [{"url": "https://darrenmartyn.ie/2021/10/25/zimbra-nginx-local-root-exploit/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/darrenmartyn/zimbra-hinginx", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://wiki.zimbra.com/wiki/Security_Center", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Zimbra Collaboration (ZCS) 8.8.x and 9.x (e.g., 8.8.15). The Sudo configuration permits the zimbra user to execute the NGINX binary as root with arbitrary parameters. As part of its intended functionality, NGINX can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root."}, {"lang": "es", "value": "Se ha detectado un problema en Zimbra Collaboration (ZCS) versiones 8.8.x y 9.x (por ejemplo, 8.8.15). La configuraci\u00f3n Sudo permite al usuario zimbra ejecutar el binario NGINX como root con par\u00e1metros arbitrarios. Como parte de su funcionalidad prevista, NGINX puede cargar un archivo de configuraci\u00f3n definido por el usuario, que incluye plugins en forma de archivos .so, que tambi\u00e9n son ejecutados como root."}], "lastModified": "2022-09-28T17:04:56.527", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B17C1A7-0F0A-4E7C-8C0C-0BBB0BF66C82"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "685D9652-2934-4C13-8B36-40582C79BFC1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}