CVE-2024-27442

EPSS 0.03%
Veröffentlicht 12.08.2024 15:15:20
Zuletzt bearbeitet 13.08.2024 17:30:36
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The zmmailboxdmgr binary, a component of ZCS, is intended to be executed by the zimbra user with root privileges for specific mailbox operations. However, an attacker can escalate privileges from the zimbra user to root, because of improper handling of input arguments. An attacker can execute arbitrary commands with elevated privileges, leading to local privilege escalation.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zimbra ≫ Collaboration Version >= 10.0.0 < 10.0.7

Zimbra ≫ Collaboration Version9.0.0 Update-

Zimbra ≫ Collaboration Version9.0.0 Updatep0

Zimbra ≫ Collaboration Version9.0.0 Updatep1

Zimbra ≫ Collaboration Version9.0.0 Updatep10

Zimbra ≫ Collaboration Version9.0.0 Updatep11

Zimbra ≫ Collaboration Version9.0.0 Updatep12

Zimbra ≫ Collaboration Version9.0.0 Updatep13

Zimbra ≫ Collaboration Version9.0.0 Updatep14

Zimbra ≫ Collaboration Version9.0.0 Updatep15

Zimbra ≫ Collaboration Version9.0.0 Updatep16

Zimbra ≫ Collaboration Version9.0.0 Updatep19

Zimbra ≫ Collaboration Version9.0.0 Updatep2

Zimbra ≫ Collaboration Version9.0.0 Updatep20

Zimbra ≫ Collaboration Version9.0.0 Updatep21

Zimbra ≫ Collaboration Version9.0.0 Updatep23

Zimbra ≫ Collaboration Version9.0.0 Updatep24

Zimbra ≫ Collaboration Version9.0.0 Updatep24.1

Zimbra ≫ Collaboration Version9.0.0 Updatep25

Zimbra ≫ Collaboration Version9.0.0 Updatep26

Zimbra ≫ Collaboration Version9.0.0 Updatep27

Zimbra ≫ Collaboration Version9.0.0 Updatep3

Zimbra ≫ Collaboration Version9.0.0 Updatep30

Zimbra ≫ Collaboration Version9.0.0 Updatep31

Zimbra ≫ Collaboration Version9.0.0 Updatep32

Zimbra ≫ Collaboration Version9.0.0 Updatep33

Zimbra ≫ Collaboration Version9.0.0 Updatep34

Zimbra ≫ Collaboration Version9.0.0 Updatep35

Zimbra ≫ Collaboration Version9.0.0 Updatep36

Zimbra ≫ Collaboration Version9.0.0 Updatep37

Zimbra ≫ Collaboration Version9.0.0 Updatep38

Zimbra ≫ Collaboration Version9.0.0 Updatep4

Zimbra ≫ Collaboration Version9.0.0 Updatep5

Zimbra ≫ Collaboration Version9.0.0 Updatep6

Zimbra ≫ Collaboration Version9.0.0 Updatep7

Zimbra ≫ Collaboration Version9.0.0 Updatep7.1

Zimbra ≫ Collaboration Version9.0.0 Updatep8

Zimbra ≫ Collaboration Version9.0.0 Updatep9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.087

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

CWE-755 Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.7#Security_Fixes

Release Notes

https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P39#Security_Fixes

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2024-27442

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-27442

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-27442

EUVD