← Back

CVE-2024-27442

nvd nist
Published: Aug 12, 2024Modified: Aug 13, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The zmmailboxdmgr binary, a component of ZCS, is intended to be executed by the zimbra user with root privileges for specific mailbox operations. However, an attacker can escalate privileges from the zimbra user to root, because of improper handling of input arguments. An attacker can execute arbitrary commands with elevated privileges, leading to local privilege escalation.

Affected (38)

Zimbra
1 product
Collaboration
Configuration A
38 vulnerable
Vulnerable SoftwareAffected Versions
Zimbra
Collaboration
From 10.0.0 to 10.0.7
Collaboration
Version 9.0.0
Collaboration
Version 9.0.0 p0
Collaboration
Version 9.0.0 p10
Collaboration
Version 9.0.0 p11
Collaboration
Version 9.0.0 p12
Collaboration
Version 9.0.0 p13
Collaboration
Version 9.0.0 p14
Collaboration
Version 9.0.0 p15
Collaboration
Version 9.0.0 p16
Collaboration
Version 9.0.0 p19
Collaboration
Version 9.0.0 p1
Collaboration
Version 9.0.0 p20
Collaboration
Version 9.0.0 p21
Collaboration
Version 9.0.0 p23
Collaboration
Version 9.0.0 p24.1
Collaboration
Version 9.0.0 p24
Collaboration
Version 9.0.0 p25
Collaboration
Version 9.0.0 p26
Collaboration
Version 9.0.0 p27
Collaboration
Version 9.0.0 p2
Collaboration
Version 9.0.0 p30
Collaboration
Version 9.0.0 p31
Collaboration
Version 9.0.0 p32
Collaboration
Version 9.0.0 p33
Collaboration
Version 9.0.0 p34
Collaboration
Version 9.0.0 p35
Collaboration
Version 9.0.0 p36
Collaboration
Version 9.0.0 p37
Collaboration
Version 9.0.0 p38
Collaboration
Version 9.0.0 p3
Collaboration
Version 9.0.0 p4
Collaboration
Version 9.0.0 p5
Collaboration
Version 9.0.0 p6
Collaboration
Version 9.0.0 p7.1
Collaboration
Version 9.0.0 p7
Collaboration
Version 9.0.0 p8
Collaboration
Version 9.0.0 p9

Related CWEs

CWE-269
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
CWE-755
Improper Handling of Exceptional Conditions
The product does not handle or incorrectly handles an exceptional condition.

References (2)

Source: cve@mitre.org
Release Notes
Source: cve@mitre.org
Release Notes

Timeline

No history available yet.