Vulnerability Details : CVE-2022-27925
Public exploit exists!
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal.
Vulnerability category: Directory traversal
Products affected by CVE-2022-27925
- cpe:2.3:a:zimbra:collaboration:8.8.15:-:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:9.0.0:-:*:*:*:*:*:*
CVE-2022-27925 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Zimbra Collaboration (ZCS) Arbitrary File Upload Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
Zimbra Collaboration (ZCS) contains a flaw in the mboximport functionality, allowing an authenticated attacker to upload arbitrary files to perform remote code execution. This vulnerability was chained with CVE-2022-37042, which allows for unauthenticated remote code execution.
Notes:
https://blog.zimbra.com/2022/08/authentication-bypass-in-mailboximportservlet-vulnerability/; https://nvd.nist.gov/vuln/detail/CVE-2022-27925
Added on
2022-08-11
Action due date
2022-09-01
Exploit prediction scoring system (EPSS) score for CVE-2022-27925
EPSS score: 90.22% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~99% (the proportion of vulnerabilities scored at or below this score)
Metasploit modules for CVE-2022-27925
- Zip Path Traversal in Zimbra (mboximport) (CVE-2022-27925)
  Disclosure Date: 2022-05-10
  First seen: 2022-12-23
  Module: exploit/linux/http/zimbra_mboximport_cve_2022_27925
  This module POSTs a ZIP file containing path traversal characters to the administrator interface for Zimbra Collaboration Suite. If successful, it plants a JSP-based backdoor within the web directory, then executes it. The core vulnerability is a p
CVSS scores for CVE-2022-27925
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P | 8.0 | 6.4 | NIST | 
7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 | NIST | 
CWE ids for CVE-2022-27925
- The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-27925
- https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P24
  Zimbra Releases/9.0.0/P24 - Zimbra :: Tech Center (Release Notes; Vendor Advisory)
- http://packetstormsecurity.com/files/168146/Zimbra-Zip-Path-Traversal.html
  Zimbra Zip Path Traversal ≈ Packet Storm (Exploit; Third Party Advisory; VDB Entry)
- https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
  Zimbra Security Advisories - Zimbra :: Tech Center (Vendor Advisory)
- https://wiki.zimbra.com/wiki/Security_Center
  Security Center - Zimbra :: Tech Center (Vendor Advisory)