CVE-2022-37042


CVSS 9.8 CRITICAL · EPSS 88.3% · KEV · CWE-22
In short

A flaw in Zimbra Collaboration Suite allows attackers to bypass login requirements and upload malicious files to the server, potentially taking complete control of the system. This happens through a feature that processes compressed archives without proper security checks.

Technical detail

CVE-2022-37042 is a directory traversal and remote code execution vulnerability in the mboximport functionality of Zimbra ZCS 8.8.15 and 9.0. An unauthenticated attacker can upload a crafted ZIP archive whose entry paths cause files to be extracted outside the intended directories, bypassing authentication requirements and achieving code execution with server privileges. The issue exists because the fix for CVE-2022-27925 was incomplete.

Summary generated and translated by AI from the official description.
Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication (i.e., not having an authtoken), an attacker can upload arbitrary files to the system, leading to directory traversal and remote code execution. NOTE: this issue exists because of an incomplete fix for CVE-2022-27925.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
