CVE-2022-3569

Summary

Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively coerce postfix into running arbitrary commands as 'root'.

Affected Software

VendorProductVersion RangeStatus
SynacorZimbra Collaboration Suite (ZCS)9.0.0 <= 9.0.0affected

Weaknesses

  • CWE-271: CWE-271 Privilege Dropping / Lowering Errors

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References