virus logo Intrusion Prevention

Zimbra.Collaboration.Mboximport.Unrestricted.File.Upload

description-logoDescription

This indicates an attack attempt to exploit an Unrestricted File Upload Vulnerability in Zimbra Collaboration.
This vulnerability is due to improper input validation. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to the target server. Successfully exploiting this vulnerability can result in uploading of web shells and remote code execution.

description-logoOutbreak Alert

Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files. By bypassing authentication, an attacker can upload arbitrary files to the system, leading to directory traversal and remote code execution. The vulnerability exists due to an incomplete fix for CVE-2022-27925.

View the full Outbreak Alert Report

affected-products-logoAffected Products

Zimbra Collaboration 8.8.15 before Patch 33
Zimbra Collaboration 9.0.0 before Patch 26

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://wiki.zimbra.com/wiki/Security_Center

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2022-08-17 21.376 Default_action:pass:drop
2022-08-15 21.374
ID 51994
Created Aug 15, 2022
Updated Aug 16, 2022
Outbreak Alert Zimbra Collaboration Mboximport
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon
CVE ID CVE-2022-27925 CVE-2022-37042
Known Exploited Yes
Exploit Prediction Score 97.55%
Default Action drop
Active
Affected OS Linux, BSD
Affected App Other