Vulnerability Details : CVE-2022-37393
Public exploit exists!
Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.
Vulnerability category: BypassGain privilege
Products affected by CVE-2022-37393
- cpe:2.3:a:zimbra:collaboration:8.8.15:-:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.15:p11:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.15:p3:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.15:p5:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:9.0.0:p4:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:9.0.0:p7:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.15:p26:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.7.9:*:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.7.10:*:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.7.11:-:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.7.11:p1:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.7.11:p10:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.7.11:p11:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.7.11:p12:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.7.11:p13:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.7.11:p14:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.7.11:p15:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.7.11:p2:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.7.11:p3:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.7.11:p4:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.7.11:p5:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.7.11:p6:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.7.11:p7:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.7.11:p8:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.7.11:p9:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.8:-:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.8:p1:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.8:p3:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.8:p4:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.8:p7:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.9:-:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.9:p1:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.9:p10:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.9:p3:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.10:-:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.10:p8:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.11:-:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.11:p3:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.11:p4:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.11:p5:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.12:-:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.12:p3:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.12:p4:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.15:p30:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.15:p31:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.15:p32:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.15:p33:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:8.8.15:p34:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:9.0.0:p0:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:9.0.0:p19:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:9.0.0:p23:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:9.0.0:p25:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:9.0.0:p26:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:9.0.0:p27:*:*:*:*:*:*
- cpe:2.3:a:zimbra:collaboration:9.0.0:p7.1:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-37393
0.20%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 58 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2022-37393
-
Zimbra zmslapd arbitrary module load
Disclosure Date: 2021-10-27First seen: 2022-12-23exploit/linux/local/zimbra_slapper_priv_escThis module exploits CVE-2022-37393, which is a vulnerability in Zimbra's sudo configuration that permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined c
CVSS scores for CVE-2022-37393
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2022-37393
-
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.Assigned by: cve@rapid7.con (Secondary)
References for CVE-2022-37393
-
https://github.com/rapid7/metasploit-framework/pull/16807
New module for 0-day Zimbra privilege escalation ("slapper") by rbowes-r7 · Pull Request #16807 · rapid7/metasploit-framework · GitHubExploit;Patch;Third Party Advisory
-
https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis
CVE-2022-37393 | AttackerKBExploit;Third Party Advisory
-
https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/
Zimbra “zmslapd” Local Root Exploit. – Darren MartynExploit;Third Party Advisory
Jump to