Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication (i.e., not having an authtoken), an attacker can upload arbitrary files to the system, leading to directory traversal and remote code execution. NOTE: this issue exists because of an incomplete fix for CVE-2022-27925.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/168146/Zimbra-Zip-Path-Traversal.html | Exploit Third Party Advisory VDB Entry |
https://wiki.zimbra.com/wiki/Security_Center | Patch Vendor Advisory |
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
08 Aug 2023, 14:22
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-22 |
Information
Published : 2022-08-12 15:15
Updated : 2024-02-28 19:29
NVD link : CVE-2022-37042
Mitre link : CVE-2022-37042
CVE.ORG link : CVE-2022-37042
JSON object : View
Products Affected
zimbra
- collaboration
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')