Vulnerability Details : CVE-2019-9670
Public exploit exists!
mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as demonstrated by Autodiscover/Autodiscover.xml.
Vulnerability category: XML external entity (XXE) injection
Products affected by CVE-2019-9670
- cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*
- cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p1:*:*:*:*:*:*
- cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p3:*:*:*:*:*:*
- cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p2:*:*:*:*:*:*
- cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:-:*:*:*:*:*:*
- cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p5:*:*:*:*:*:*
- cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p4:*:*:*:*:*:*
- cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p6:*:*:*:*:*:*
- cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p8:*:*:*:*:*:*
- cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p7:*:*:*:*:*:*
- cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p9:*:*:*:*:*:*
CVE-2019-9670 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Synacor Zimbra Collaboration Suite (ZCS) Improper Restriction of XML External Entity Reference
CISA required action:
Apply updates per vendor instructions.
CISA description:
Synacor Zimbra Collaboration Suite (ZCS) contains an improper restriction of XML external entity (XXE) vulnerability in the mailboxd component.
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2019-9670
Added on: 2022-01-10
Action due date: 2022-07-10
Exploit prediction scoring system (EPSS) score for CVE-2019-9670
94.43% (probability of exploitation activity in the next 30 days)
Percentile: ~100% (the proportion of vulnerabilities that are scored at or less)
Metasploit modules for CVE-2019-9670
- Zimbra Collaboration Autodiscover Servlet XXE and ProxyServlet SSRF (exploit/linux/http/zimbra_xxe_rce)
  Disclosure Date: 2019-03-13; First seen: 2020-04-26
  This module exploits an XML external entity vulnerability and a server side request forgery to get unauthenticated code execution on Zimbra Collaboration Suite. The XML external entity vulnerability in the Autodiscover Servlet is used to read a Zimbra configuration
CVSS scores for CVE-2019-9670
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST |
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-02-07
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | 2024-07-24
CWE ids for CVE-2019-9670
- The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
  Assigned by:
  - 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
  - nvd@nist.gov (Primary)
References for CVE-2019-9670
- https://bugzilla.zimbra.com/show_bug.cgi?id=109129
  Bug 109129 – XXE [CWE-611] (Issue Tracking; Patch; Third Party Advisory)
- https://isc.sans.edu/forums/diary/CVE20199670+Zimbra+Collaboration+Suite+XXE+vulnerability/27570/
  CVE-2019-9670: Zimbra Collaboration Suite XXE vulnerability (Exploit; Third Party Advisory)
- http://packetstormsecurity.com/files/152487/Zimbra-Collaboration-Autodiscover-Servlet-XXE-ProxyServlet-SSRF.html
  Zimbra Collaboration Autodiscover Servlet XXE / ProxyServlet SSRF ≈ Packet Storm (Exploit; Third Party Advisory; VDB Entry)
- https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
  Zimbra Security Advisories - Zimbra :: Tech Center (Vendor Advisory)
- http://www.rapid7.com/db/modules/exploit/linux/http/zimbra_xxe_rce
  Zimbra Collaboration Autodiscover Servlet XXE and ProxyServlet SSRF | Rapid7 (Third Party Advisory)
- https://www.exploit-db.com/exploits/46693/
  Zimbra Collaboration - Autodiscover Servlet XXE and ProxyServlet SSRF (Metasploit) (Exploit; Third Party Advisory; VDB Entry)