Security News > 2022 > October > Unpatched Zimbra RCE bug exploited by attackers (CVE-2022-41352)
A still unpatched vulnerability in Zimbra Collaboration is being exploited by attackers to achieve remote code execution on vulnerable servers.
Zimbra Collaboration is cloud-hosted collaboration software suite that also includes an email server component and a web client component.
"This issue will also be addressed in the next Zimbra patch where we will make pax a requirement of Zimbra," they added, but did not say when that patch will be released.
If Zimbra is running on Ubuntu 20.04 or 18.04, admins don't have to do anything, but Oracle Linux 8, Red Hat Enterprise Linux 8, Rocky Linux 8 and CentOS 8 are vulnerable to attack and should implement the workaround.
Security-wise, this has been a bad year for Zimbra and its users: as documented in this CISA alert, five other vulnerabilities have been exploited by attackers since the beginning of the year, and now CVE-2022-41352.
"It's not really fault, they use Amavis which uses cpio which is vulnerable to CVE-2015-1197, but the attack surface for incoming emails is HUGE. Not to mention, this is one of several vulnerabilities this year that was being exploited in the wild before being discovered, which means Zimbra is an active target for the Bad Guys," Bowes noted.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-26 | CVE-2022-41352 | Path Traversal vulnerability in Zimbra Collaboration 8.8.15/9.0.0 An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. | 9.8 |
| 2015-02-19 | CVE-2015-1197 | Unspecified vulnerability in GNU Cpio 2.11 cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive. | 0.0 |