CVE-2022-37042

Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication (i.e., not having an authtoken), an attacker can upload arbitrary files to the system, leading to directory traversal and remote code execution. NOTE: this issue exists because of an incomplete fix for CVE-2022-27925.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://packetstormsecurity.com/files/168146/Zimbra-Zip-Path-Traversal.html	Exploit Third Party Advisory VDB Entry
https://wiki.zimbra.com/wiki/Security_Center	Patch Vendor Advisory
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:zimbra:collaboration:8.8.15:-::::::
	cpe:2.3:a:zimbra:collaboration:9.0.0:-::::::

History

08 Aug 2023, 14:22

Type	Values Removed	Values Added
CWE	~~CWE-287~~	CWE-22

Information

Published : 2022-08-12 15:15

Updated : 2024-02-28 19:29

NVD link : CVE-2022-37042

Mitre link : CVE-2022-37042

CVE.ORG link : CVE-2022-37042

JSON object : View

Products Affected

zimbra

collaboration

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2022-37042", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-08-12T15:15:16.053", "references": [{"url": "http://packetstormsecurity.com/files/168146/Zimbra-Zip-Path-Traversal.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://wiki.zimbra.com/wiki/Security_Center", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication (i.e., not having an authtoken), an attacker can upload arbitrary files to the system, leading to directory traversal and remote code execution. NOTE: this issue exists because of an incomplete fix for CVE-2022-27925."}, {"lang": "es", "value": "Zimbra Collaboration Suite (ZCS) versiones 8.8.15 y 9.0, presenta una funcionalidad mboximport que recibe un archivo ZIP y extrae archivos de \u00e9l. Al omitir la autenticaci\u00f3n (es decir, al no tener un authtoken), un atacante puede cargar archivos arbitrarios en el sistema, conllevando a un salto de directorios y una ejecuci\u00f3n de c\u00f3digo remota. NOTA: este problema existe debido a una correcci\u00f3n incompleta de CVE-2022-27925."}], "lastModified": "2023-08-08T14:22:24.967", "cisaActionDue": "2022-09-01", "cisaExploitAdd": "2022-08-11", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B17C1A7-0F0A-4E7C-8C0C-0BBB0BF66C82"}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "685D9652-2934-4C13-8B36-40582C79BFC1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Zimbra Collaboration (ZCS) Authentication Bypass Vulnerability"}