#VU66173 Path traversal in Zimbra Collaboration - CVE-2022-27925

Cybersecurity Help s.r.o.

Published: 2022-08-08 | Updated: 2023-12-19

Vulnerability identifier: #VU66173

Vulnerability risk: Medium

CVSSv4.0: 5.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:A/U:Green]

CVE-ID: CVE-2022-27925

CWE-ID: CWE-22

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
Zimbra Collaboration
Web applications / Webmail solutions

Vendor: Synacor Inc.

Description

The vulnerability allows a remote user to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in file name inside a zip archive in mboximport (MailboxImportServlet). A remote user can upload a specially crafted archive and write files to an arbitrary location on the system.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Zimbra Collaboration: 8.8.15 Patch 1 - 9.0.0

External links
https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P24
https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P31#Security_Fixes

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Zimbra Collaboration