CVE-2022-41347

EUVD-2022-44552
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.x and 9.x (e.g., 8.8.15). The Sudo configuration permits the zimbra user to execute the NGINX binary as root with arbitrary parameters. As part of its intended functionality, NGINX can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
Affected Products (NVD)
VendorProductVersion
zimbracollaboration
8.8.15
zimbracollaboration
9.0.0
𝑥
= Vulnerable software versions
References
https://darrenmartyn.ie/2021/10/25/zimbra-nginx-local-root-exploit/
https://github.com/darrenmartyn/zimbra-hinginx
https://wiki.zimbra.com/wiki/Security_Center
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
https://darrenmartyn.ie/2021/10/25/zimbra-nginx-local-root-exploit/
https://github.com/darrenmartyn/zimbra-hinginx
https://wiki.zimbra.com/wiki/Security_Center
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories