CVE-2022-41352

CVSS 9.8 CRITICAL · EPSS 95.5% · KEV · CWE-22
In short

Zimbra Collaboration has a vulnerability that allows attackers to upload malicious files through the email scanning system (amavis), which can then be accessed by other users. This happens because of a flaw in how files are extracted and stored, potentially giving attackers access to other people's accounts.

Technical detail

CVE-2022-41352 is a path traversal vulnerability (CWE-22) in the amavis integration: cpio extraction to /opt/zimbra/jetty/webapps/zimbra/public allows arbitrary file upload and placement, which can give unauthorized access to other user accounts. Exploitation requires the ability to send crafted email attachments through amavis; remediation involves switching from cpio to pax for archive extraction.

Summary generated and translated by AI from the official description.
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavis automatically prefers it over cpio.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
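
A host-side check for the pax recommendation in the description above, as an added example that is not part of the official advisory or Zimbra's own tooling. It assumes amavis finds pax and cpio through the PATH of the account it runs as; the function names `find_tool`, `extractor_status` and `report` are hypothetical.

```shell
#!/bin/sh
# Added example: report which archive extractor is available on a ZCS host.
# Assumption: run this with the PATH of the account amavis runs as, or pass
# a colon-separated directory list as the first argument.

# find_tool NAME DIRS: print the first executable NAME found in DIRS.
find_tool() {
    name=$1
    old_ifs=$IFS
    IFS=:
    for dir in $2; do
        if [ -n "$dir" ] && [ -x "$dir/$name" ] && [ ! -d "$dir/$name" ]; then
            IFS=$old_ifs
            printf '%s\n' "$dir/$name"
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# extractor_status DIRS: print pax-available, cpio-only or none.
extractor_status() {
    if find_tool pax "$1" >/dev/null; then
        echo "pax-available"      # amavis prefers pax once it is installed
    elif find_tool cpio "$1" >/dev/null; then
        echo "cpio-only"          # the configuration the advisory warns about
    else
        echo "none"
    fi
}

# report DIRS: human-readable summary for an operator.
report() {
    case $(extractor_status "$1") in
        pax-available) echo "OK: pax at $(find_tool pax "$1"); amavis prefers it over cpio" ;;
        cpio-only)     echo "ACTION: only cpio at $(find_tool cpio "$1"); install pax" ;;
        none)          echo "INFO: neither pax nor cpio found in: $1" ;;
    esac
}

report "${1:-$PATH}"
```

On RHEL 7 or CentOS 7 and later a `cpio-only` result is the expected default, since pax is no longer part of the default installation there.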
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.