A serious remote code execution vulnerability is being actively exploited in Zimbra's

Image credit : Google

Agubey

The flaw, assigned CVE-2022-41352, has a critical-severity rating of CVSS 9.8, and provides a means for attackers to upload arbitrary files and perform malicious actions on affected installations.

"The vulnerability is caused by the way Zimbra's antivirus engine (Amavis) scans inbound emails (cpio)," cybersecurity firm Rapid7 said in an analysis published this week.

According to details shared on the Zimbra forums, the issue is said to have been exploited since early September 2022.

Although a fix has not yet been released, Zimbra is asking users to install the "pax" utility and restart the Zimbra services.

"If the pax package is not installed, Amavis falls back to using cpio, an unfortunate fall-back that is poorly implemented (by Amavis) and allows an unauthorized attacker to create and overwrite files on a Zimbra server
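A defender-side check for the fallback described above, added here as an example and not taken from Zimbra, Amavis or Rapid7: it reports whether a given search path offers pax or only cpio. The function names, and the assumption that Amavis resolves both tools through the PATH of the account it runs under, belong to this example.

```shell
#!/bin/sh
# Added example: report which archive unpacker a search path offers,
# following the pax -> cpio fallback described in the article.
# Assumption: Amavis finds pax/cpio through the PATH of the account it
# runs under, so pass that PATH rather than your login shell's.

# find_tool NAME SEARCH_PATH -> prints the first executable match
find_tool() {
    name=$1
    old_ifs=$IFS
    IFS=:
    for dir in $2; do
        [ -n "$dir" ] || continue
        # Only a regular, executable file counts; a stray
        # non-executable file named "pax" does not.
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            IFS=$old_ifs
            printf '%s\n' "$dir/$name"
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# unpacker_status SEARCH_PATH -> prints one verdict line
#   exit 0: pax found; exit 1: cpio fallback only; exit 2: neither
unpacker_status() {
    if pax_path=$(find_tool pax "$1"); then
        printf 'OK: pax found at %s\n' "$pax_path"
        return 0
    fi
    if cpio_path=$(find_tool cpio "$1"); then
        printf 'AT RISK: no pax, cpio fallback at %s\n' "$cpio_path"
        return 1
    fi
    printf 'UNKNOWN: neither pax nor cpio found\n'
    return 2
}

# Stand-alone use: sh check.sh --check [SEARCH_PATH]
if [ "${1:-}" = "--check" ]; then
    unpacker_status "${2:-$PATH}"
fi
```

An "AT RISK" verdict means the mitigation quoted above (install pax, then restart the Zimbra services) has not been applied on that host.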

The vulnerability, which is present in software versions 8.8.15 and 9.0, affects many Linux distributions except Ubuntu, including Oracle Linux 8, Red Hat Enterprise Linux 8 
