Vulnerability Details : CVE-2022-37042
Public exploit exists!
Used for ransomware!
Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication (i.e., not having an authtoken), an attacker can upload arbitrary files to the system, leading to directory traversal and remote code execution. NOTE: this issue exists because of an incomplete fix for CVE-2022-27925.
Vulnerability category: Directory traversal, Execute code
Products affected by CVE-2022-37042
- cpe:2.3:a:zimbra:collaboration:8.8.15:-:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:9.0.0:-:*:*:*:*:*:*
CVE-2022-37042 is in the CISA Known Exploited Vulnerabilities Catalog
This issue is known to have been leveraged as part of a ransomware campaign.
CISA vulnerability name: Synacor Zimbra Collaboration Suite (ZCS) Authentication Bypass Vulnerability
CISA required action: Apply updates per vendor instructions.
CISA description: Synacor Zimbra Collaboration Suite (ZCS) contains an authentication bypass vulnerability in MailboxImportServlet. This vulnerability was chained with CVE-2022-27925 which allows for unauthenticated remote code execution.
Notes:
- https://blog.zimbra.com/2022/08/authentication-bypass-in-mailboximportservlet-vulnerability/
- https://nvd.nist.gov/vuln/detail/CVE-2022-37042
Added on: 2022-08-11
Action due date: 2022-09-01
Exploit prediction scoring system (EPSS) score for CVE-2022-37042
94.27%
Probability of exploitation activity in the next 30 days
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2022-37042
- Zip Path Traversal in Zimbra (mboximport) (CVE-2022-27925)
  Disclosure Date: 2022-05-10
  First seen: 2022-12-23
  Module: exploit/linux/http/zimbra_mboximport_cve_2022_27925
  This module POSTs a ZIP file containing path traversal characters to the administrator interface for Zimbra Collaboration Suite. If successful, it plants a JSP-based backdoor within the web directory, then executes it. The core vulnerability is a p
CVSS scores for CVE-2022-37042
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-01-29 |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2022-37042
- The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
  Assigned by:
  - 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
  - nvd@nist.gov (Primary)
- When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-37042
- http://packetstormsecurity.com/files/168146/Zimbra-Zip-Path-Traversal.html
  Zimbra Zip Path Traversal ≈ Packet Storm (Exploit; Third Party Advisory; VDB Entry)
- https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
  Zimbra Security Advisories - Zimbra :: Tech Center (Vendor Advisory)
- https://wiki.zimbra.com/wiki/Security_Center
  Security Center - Zimbra :: Tech Center (Patch; Vendor Advisory)