HTTP: Zimbra Collaboration Suite directory traversal and remote code execution

This signature detects attempts to exploit a known vulnerability in Zimbra Collaboration Suite. A successful attack can lead to arbitrary code execution.

Extended Description

Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal.

Affected Products

Synacor zimbra_collaboration_suite

Short Name
HTTP:CTS:ZIMBRA-CS-DIRTRV-RCE
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2022-27925 CVE-2022-37042 Collaboration Suite Zimbra and code directory execution remote traversal
Release Date
08/22/2022
Supported Platforms

srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3

Sigpack Version
3789
False Positive
Unknown
Vendors

Synacor
