Rewterz Threat Advisory – Multiple Zoom On-Premise Meeting Connector MMR Vulnerabilities
August 12, 2022
Rewterz Threat Update – Pakistan Officials Must Be Vigilant Regarding The Hacking Attempts On Independence Day
August 12, 2022
Severity
High
Analysis Summary
CVE-2022-37042 CVSS:9.8
Zimbra Collaboration Suite (ZCS) could allow a remote attacker to traverse directories on the system, caused by improper archive file validation by the mboximport function. An attacker could use a specially-crafted archive file containing “dot dot” sequences (/../) to execute arbitrary code on the system.
CVE-2022-27925 CVSS:7.2
Zimbra Collaboration could allow a remote authenticated attacker to traverse directories on the system, caused by improper ZIP archive validation by the mboximport function. An attacker could use a specially-crafted URL request containing “dot dot” sequences (/../) to execute arbitrary code on the system.
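The archive validation that both entries describe as missing, shown as an added example (not Zimbra's code and not part of the original advisory): a Python check that resolves each ZIP entry name against the extraction directory and reports any entry that would land outside it. The directory `/srv/import` and the sample archive are constructed assumptions; the check covers entry names only, not symlink entries.

```python
import io
import posixpath
import zipfile

DEST = "/srv/import"  # hypothetical extraction directory (assumption)


def escapes_destination(entry_name, dest=DEST):
    """True if a ZIP entry name would resolve outside dest when joined to it."""
    # ZIP names use "/", but a crafted archive may carry "\\" separators.
    name = entry_name.replace("\\", "/")
    # Absolute paths and drive-letter paths never belong under dest.
    if name.startswith("/") or (len(name) > 1 and name[1] == ":"):
        return True
    # Collapse "dot dot" sequences, then require the result to stay under dest.
    resolved = posixpath.normpath(posixpath.join(dest, name))
    root = dest.rstrip("/")
    return not (resolved == root or resolved.startswith(root + "/"))


def audit_archive(data, dest=DEST):
    """Return the entry names in a ZIP (given as bytes) that escape dest."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [i.filename for i in zf.infolist()
                if escapes_destination(i.filename, dest)]


def build_sample():
    """Constructed sample archive: two contained entries and one dot-dot entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("mail/inbox.eml", "constructed sample")
        # Contains ".." but still resolves inside dest, so it is allowed.
        zf.writestr("mail/a/../b.eml", "constructed sample")
        # Resolves above dest, so the whole import should be refused.
        zf.writestr("../../outside.txt", "constructed sample")
    return buf.getvalue()


if __name__ == "__main__":
    rejected = audit_archive(build_sample())
    print("entries escaping", DEST, "->", rejected)
```

An import handler would refuse the whole archive when `audit_archive` returns a non-empty list, before any entry is written to disk.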
Impact
- Information Theft
Indicators Of Compromise
CVE
- CVE-2022-37042
- CVE-2022-27925
Affected Vendors
Zimbra
Affected Products
- Zimbra Collaboration Suite (ZCS) 8.8.15
- Zimbra Collaboration Suite (ZCS) 9.0
- Zimbra Collaboration 8.8.15
- Zimbra Collaboration 9.0
Remediation
Upgrade to the latest version of Zimbra Collaboration Suite (ZCS), available from the Zimbra Website.