Vulnerability Details : CVE-2019-9621
Public exploit exists!
Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component.
Vulnerability category: Server-side request forgery (SSRF)
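The affected-version statement above spans three release branches with different patch cut-offs, which is easy to get wrong when auditing a fleet by hand. The following is an added example (not code from the page or from Zimbra) that turns that statement into a check over `zmcontrol -v` output. Assumptions: the `Release a.b.c_GA_... , Patch a.b.c_Pn.` output format is the one Zimbra prints, a release with no `Patch` suffix is treated as patch 0, and anything older than 8.6 is counted as affected because it is "before 8.6 patch 13". The sample outputs are constructed.

```python
import re
import sys

# Cut-offs taken from the CVE description: a version is affected when it is
# strictly below the first fixed (major, minor, micro, patch) of its branch.
FIXED_8_6 = (8, 6, 0, 13)
FIXED_8_7 = (8, 7, 11, 10)
FIXED_8_8_10 = (8, 8, 10, 7)
FIXED_8_8_11 = (8, 8, 11, 3)


def parse_zmcontrol_version(output):
    """Extract (major, minor, micro, patch) from `zmcontrol -v` output.

    Assumed format (example): 'Release 8.8.10_GA_3039.RHEL7_64_... FOSS edition, Patch 8.8.10_P5.'
    When no ', Patch x.y.z_Pn' suffix is present the patch level is 0.
    """
    m = re.search(r"Release (\d+)\.(\d+)\.(\d+)", output)
    if not m:
        raise ValueError("no 'Release a.b.c' found in: %r" % output)
    major, minor, micro = (int(x) for x in m.groups())
    p = re.search(r"Patch \d+\.\d+\.\d+_P(\d+)", output)
    patch = int(p.group(1)) if p else 0
    return (major, minor, micro, patch)


def is_affected(version):
    """True when `version` (major, minor, micro, patch) is vulnerable to CVE-2019-9621."""
    major, minor, micro, patch = version
    key = (major, minor, micro, patch)
    if (major, minor) <= (8, 6):
        # "before 8.6 patch 13": covers 8.6.0 p0-p12 and every older release
        return key < FIXED_8_6
    if (major, minor) == (8, 7):
        return key < FIXED_8_7
    if (major, minor) == (8, 8):
        # 8.8.0-8.8.9 and 8.8.10 p0-p6, plus the separate 8.8.11 p0-p2 window
        return key < FIXED_8_8_10 or (8, 8, 11, 0) <= key < FIXED_8_8_11
    # 8.9 and later are not named by this CVE's affected range
    return False


def check_zmcontrol_output(output):
    """Convenience wrapper: returns (version_tuple, affected_bool)."""
    v = parse_zmcontrol_version(output)
    return v, is_affected(v)


# Constructed sample outputs in the assumed `zmcontrol -v` format.
SAMPLES = [
    "Release 8.8.10_GA_3039.RHEL7_64_20180928094617 RHEL7_64 FOSS edition, Patch 8.8.10_P5.",
    "Release 8.8.11_GA_3737.RHEL7_64_20181207111719 RHEL7_64 FOSS edition, Patch 8.8.11_P3.",
    "Release 8.7.11_GA_1854.RHEL7_64_20170531151956 RHEL7_64 FOSS edition.",
]

if __name__ == "__main__":
    # Pipe `zmcontrol -v` output on stdin, or run without input to see the samples.
    data = sys.stdin.read() if not sys.stdin.isatty() else ""
    for line in ([data] if data.strip() else SAMPLES):
        v, affected = check_zmcontrol_output(line)
        print("%d.%d.%d patch %d -> %s" % (v + ("AFFECTED" if affected else "not affected",)))
```

This is an inventory aid, not a substitute for patching: a host reported as "not affected" by this table still needs the ProxyServlet reachable only by intended clients, and a host that was patched by hand without updating the package metadata will be misreported.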
Products affected by CVE-2019-9621
- cpe:2.3:a:zimbra:collaboration_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration_server:8.6.0:p4:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration_server:8.6.0:p5:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration_server:8.6.0:p12:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration_server:8.7.11:p7:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration_server:8.7.11:p8:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration_server:8.8.10:p4:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration_server:8.8.10:p5:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration_server:8.6.0:p6:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration_server:8.6.0:p7:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration_server:8.7.11:-:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration_server:8.7.11:p1:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration_server:8.7.11:p9:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration_server:8.8.10:p6:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration_server:8.8.11:-:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration_server:8.6.0:p2:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration_server:8.6.0:p3:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration_server:8.6.0:p10:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration_server:8.6.0:p11:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration_server:8.7.11:p4:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration_server:8.7.11:p5:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration_server:8.7.11:p6:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration_server:8.8.10:p2:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration_server:8.8.10:p3:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration_server:8.6.0:-:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration_server:8.6.0:p1:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration_server:8.6.0:p8:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration_server:8.6.0:p9:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration_server:8.7.11:p2:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration_server:8.7.11:p3:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration_server:8.8.10:-:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration_server:8.8.10:p1:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration_server:8.8.11:p1:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration_server:8.8.11:p2:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-9621
77.03% (probability of exploitation activity in the next 30 days)
~98% percentile (the proportion of vulnerabilities scored at or below this one)
Metasploit modules for CVE-2019-9621
- Zimbra Collaboration Autodiscover Servlet XXE and ProxyServlet SSRF
  Disclosure Date: 2019-03-13
  First seen: 2020-04-26
  Module: exploit/linux/http/zimbra_xxe_rce
  This module exploits an XML external entity vulnerability and a server-side request forgery to get unauthenticated code execution on Zimbra Collaboration Suite. The XML external entity vulnerability in the Autodiscover Servlet is used to read a Zimbra configuration
CVSS scores for CVE-2019-9621
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2019-9621
- CWE-918: The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-9621
- https://blog.tint0.com/2019/03/a-saga-of-code-executions-on-zimbra.html
  tint0: A Saga of Code Executions on Zimbra (Third Party Advisory)
- http://packetstormsecurity.com/files/152487/Zimbra-Collaboration-Autodiscover-Servlet-XXE-ProxyServlet-SSRF.html
  Zimbra Collaboration Autodiscover Servlet XXE / ProxyServlet SSRF, Packet Storm (Exploit; Third Party Advisory; VDB Entry)
- https://blog.zimbra.com/2019/03/9826/
  [REPOST] Recent Zimbra XXE / SSRF Vulnerability Disclosure, Zimbra Blog (Vendor Advisory)
- https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
  Zimbra Security Advisories, Zimbra Tech Center (Vendor Advisory)
- https://wiki.zimbra.com/wiki/Security_Center
  Security Center, Zimbra Tech Center (Release Notes; Vendor Advisory)
- http://www.rapid7.com/db/modules/exploit/linux/http/zimbra_xxe_rce
  Zimbra Collaboration Autodiscover Servlet XXE and ProxyServlet SSRF, Rapid7 (Exploit; Third Party Advisory)
- https://www.exploit-db.com/exploits/46693/
  Zimbra Collaboration - Autodiscover Servlet XXE and ProxyServlet SSRF (Metasploit), Exploit-DB (Exploit; Third Party Advisory; VDB Entry)
- https://bugzilla.zimbra.com/show_bug.cgi?id=109127
  Bug 109127: SSRF vulnerability - ProxyServlet [CWE-918 / CWE-807]
- http://packetstormsecurity.com/files/153190/Zimbra-XML-Injection-Server-Side-Request-Forgery.html
  Zimbra XML Injection / Server-Side Request Forgery, Packet Storm