Zimbra Exploit Added to CISA KVE

CISA on Thursday, Oct 20 added the Zimbra Collaboration exploit to the Known Vulnerabilities Exploit catalog (KVE).

The issue is tracked as CVE-2022-41352, this is a remote code execution vulnerability that has to do with cpio a third-party utility tool used to extract archive attachments from an email. Which allows a threat actor to carry out the execution of arbitrary code on a vulnerable zimbra instance without authorization. This can be exploited by an attacker sending malicious email attachments to a vulnerable server.

Once inside, for example, an attacker may be able to extract emails, tamper with user accounts, and wipe information.

The latest ZCS version 9.0.0 P27 replaces the vulnerable component, cpio, with pax, which performs a similar function.