Vulnerability Description
Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively coerce postfix into running arbitrary commands as 'root'.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Synacor | Zimbra Collaboration Suite | <= 9.0.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/169430/Zimbra-Privilege-Escalation.html (Exploit, Third Party Advisory, VDB Entry)
- https://github.com/rapid7/metasploit-framework/pull/17141 (Exploit, Issue Tracking, Patch)
- https://twitter.com/ldsopreload/status/1580539318879547392 (Third Party Advisory)
FAQ
What is CVE-2022-3569?
CVE-2022-3569 is a vulnerability with a CVSS score of 7.8 (HIGH). Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively c...
How severe is CVE-2022-3569?
CVE-2022-3569 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-3569?
Check the references section above for vendor advisories and patch information. Affected products include: Synacor Zimbra Collaboration Suite.