CVE-2022-37393

high

Description

Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.

References

https://github.com/rapid7/metasploit-framework/pull/16807

https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/

https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis

Details

Source: Mitre, NVD

Published: 2022-08-16

Updated: 2022-08-18

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High