admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2022/CVE-2022-373xx/CVE-2022-37393.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

443 lines
17 KiB
JSON
Raw Blame History

{
"id": "CVE-2022-37393",
"sourceIdentifier": "cve@rapid7.com",
"published": "2022-08-16T20:15:07.860",
"lastModified": "2024-11-21T07:14:54.630",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root."
},
{
"lang": "es",
"value": "La configuraci\u00f3n sudo de Zimbra permite al usuario zimbra ejecutar el binario zmslapd como root con par\u00e1metros arbitrarios. Como parte de su funcionalidad prevista, zmslapd puede cargar un archivo de configuraci\u00f3n definido por el usuario, que incluye plugins en forma de archivos .so, que tambi\u00e9n son ejecutadas como root."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "cve@rapid7.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "144C9B35-9A82-4A47-82E3-0E0CA71E0C7A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "01379F5C-0157-4880-913A-67729D63E970"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "AFD06515-D376-4788-A9E6-5531D08BFDD6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2C68411C-B094-4895-9AF9-C7FFA9479D0E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:-:*:*:*:*:*:*",
"matchCriteriaId": "C5D00519-8429-4C8F-A455-F5DD246D4009"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p1:*:*:*:*:*:*",
"matchCriteriaId": "519F4C15-811A-4A76-A7F4-251E17DCA7B0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p10:*:*:*:*:*:*",
"matchCriteriaId": "B8961767-9B1D-4AF6-A014-9770FF925FE5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p11:*:*:*:*:*:*",
"matchCriteriaId": "56736F6C-E472-4D81-A4DF-7B4D7D3F4232"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p12:*:*:*:*:*:*",
"matchCriteriaId": "E7802EA0-016C-432B-9C57-BD75817CCA49"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p13:*:*:*:*:*:*",
"matchCriteriaId": "45760766-95FA-485A-BB1F-76CC78D2BB47"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p14:*:*:*:*:*:*",
"matchCriteriaId": "D5B0658C-9278-4078-8DB7-D4A693B4B5F3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p15:*:*:*:*:*:*",
"matchCriteriaId": "649EA6F7-1A0B-4B68-AD00-364F85734CF1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p2:*:*:*:*:*:*",
"matchCriteriaId": "1F9A281D-09CC-4AFA-9854-D6228C73271B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p3:*:*:*:*:*:*",
"matchCriteriaId": "508EC887-BD57-4CD8-B6FC-453212684641"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p4:*:*:*:*:*:*",
"matchCriteriaId": "52FCDC0C-63C5-4105-872D-C8517DFFAD05"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p5:*:*:*:*:*:*",
"matchCriteriaId": "FFA94BE6-031F-4279-95DA-D95A83CCE808"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p6:*:*:*:*:*:*",
"matchCriteriaId": "7757D0F0-900A-4F36-8975-B493EBBD5977"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p7:*:*:*:*:*:*",
"matchCriteriaId": "98483031-531D-44BA-95E5-FCE02768C8DB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p8:*:*:*:*:*:*",
"matchCriteriaId": "A1AC65E0-7DF7-43AD-A539-A62FB50B027C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.7.11:p9:*:*:*:*:*:*",
"matchCriteriaId": "1E9306C5-E541-4CFB-9BF9-DF9CABE19A1A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "F6DD0677-D894-47D9-8840-FCF2BEDB1DE7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43EDB16D-8825-456A-A904-BC22B4515CB1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "70B8B9C4-7764-474A-B428-02ACF9B7796E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4EB754D1-ECD8-4F4E-8328-0A6D1D4484AC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C4C6CB7A-3FC1-4FD0-8529-9F9414615895"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ACA92EF6-1745-4441-8C40-E8E646A3B5E0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.8:-:*:*:*:*:*:*",
"matchCriteriaId": "2948265E-41C3-420C-8EBB-06779B4159E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.8:p1:*:*:*:*:*:*",
"matchCriteriaId": "C386097D-3717-4CE4-9A7D-D9F79349F962"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.8:p3:*:*:*:*:*:*",
"matchCriteriaId": "B70BD874-A325-4573-97A6-B2960F8C3A3C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.8:p4:*:*:*:*:*:*",
"matchCriteriaId": "EEF3C967-F801-4DA4-A500-AC26CBD69095"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.8:p7:*:*:*:*:*:*",
"matchCriteriaId": "A4AE8C84-EF5B-4720-8530-086FC4D6E2F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.9:-:*:*:*:*:*:*",
"matchCriteriaId": "22FB2707-4CC0-4176-B91A-778E3CE4D67B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.9:p1:*:*:*:*:*:*",
"matchCriteriaId": "20F1987A-96A3-4CFD-B47A-C6E4D8A0D359"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.9:p10:*:*:*:*:*:*",
"matchCriteriaId": "7E6E2A24-085D-48BE-A395-8C9EFB1DD00C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.9:p3:*:*:*:*:*:*",
"matchCriteriaId": "C9F5B9C5-2BD5-4205-8119-61F4E9E16141"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.10:-:*:*:*:*:*:*",
"matchCriteriaId": "030FE87C-00C4-4187-ACA5-09DB7FED5E49"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.10:p8:*:*:*:*:*:*",
"matchCriteriaId": "C073A50A-E2DC-4D9C-8F06-D569997817E2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.11:-:*:*:*:*:*:*",
"matchCriteriaId": "5328F774-1379-46A4-AB13-63202B9AA503"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.11:p3:*:*:*:*:*:*",
"matchCriteriaId": "CFF73FAD-FCB2-4054-9544-39AEFBDCECC5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.11:p4:*:*:*:*:*:*",
"matchCriteriaId": "2BD596FB-2B50-4D0A-B230-6862E6172D09"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.11:p5:*:*:*:*:*:*",
"matchCriteriaId": "7E43D54E-A10C-4E05-B745-D12E6585E7F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.12:-:*:*:*:*:*:*",
"matchCriteriaId": "A2B204A5-1E74-444B-B20C-3A36E43482EE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.12:p3:*:*:*:*:*:*",
"matchCriteriaId": "F7F04FB4-AE06-4863-A361-76DB91A12E7F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.12:p4:*:*:*:*:*:*",
"matchCriteriaId": "F5E0C63F-8DF3-49C5-83A6-6C7F6F1D8F46"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:-:*:*:*:*:*:*",
"matchCriteriaId": "1B17C1A7-0F0A-4E7C-8C0C-0BBB0BF66C82"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p11:*:*:*:*:*:*",
"matchCriteriaId": "AE8BD950-24A2-4AFF-B7EE-6EE115BD75D6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p26:*:*:*:*:*:*",
"matchCriteriaId": "6DD4641A-EC23-4B1A-8729-9AECD70390AF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p3:*:*:*:*:*:*",
"matchCriteriaId": "21768A61-7578-4EEC-A23B-FEC10CAA9EDF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p30:*:*:*:*:*:*",
"matchCriteriaId": "CA758408-4302-43BC-BDC9-1B70EC5D2FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p31:*:*:*:*:*:*",
"matchCriteriaId": "822CDEBC-0650-4970-B46F-06F505993086"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p32:*:*:*:*:*:*",
"matchCriteriaId": "971B5005-4676-4D93-A7DD-6AFDC8D0BEEB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p33:*:*:*:*:*:*",
"matchCriteriaId": "81BC6A7F-D014-44B3-9361-20DB256D3C8D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p34:*:*:*:*:*:*",
"matchCriteriaId": "6A3DC694-4CCC-4E9F-B6E9-891B1DF115C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p5:*:*:*:*:*:*",
"matchCriteriaId": "0695D2E0-45B3-493C-BA6D-471B90C0ACC5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p0:*:*:*:*:*:*",
"matchCriteriaId": "5E4DF01A-1AA9-47E8-82FD-65A02ECA1376"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p19:*:*:*:*:*:*",
"matchCriteriaId": "B7A47276-F241-4A68-9458-E1481EBDC5E6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p23:*:*:*:*:*:*",
"matchCriteriaId": "B4CE2D12-AD31-4FED-AD0F-ADF64E92E1B1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p25:*:*:*:*:*:*",
"matchCriteriaId": "BC19F11D-23D9-429D-A957-D67F23A40A01"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p26:*:*:*:*:*:*",
"matchCriteriaId": "AAFA2EE7-C965-4F27-8CAE-E607A9F202AD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p27:*:*:*:*:*:*",
"matchCriteriaId": "1D09DCF6-1C8F-4CA1-B7D4-AFDD4EB35771"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "33F50D8C-7027-4A8D-8E95-98C224283772"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p7:*:*:*:*:*:*",
"matchCriteriaId": "7215AE2C-8A33-4AB9-88D5-7C8CD11E806C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p7.1:*:*:*:*:*:*",
"matchCriteriaId": "8D859F77-8E39-4D46-BC90-C5C1D805A666"
}
]
}
]
}
],
"references": [
{
"url": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis",
"source": "cve@rapid7.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/",
"source": "cve@rapid7.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/rapid7/metasploit-framework/pull/16807",
"source": "cve@rapid7.com",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/rapid7/metasploit-framework/pull/16807",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink