Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2024-27442
HistoryAug 12, 2024 - 3:15 p.m.

CVE-2024-27442

2024-08-1215:15:20
CWE-269
CWE-755
[email protected]
web.nvd.nist.gov
2
cve-2024-27442
zimbra collaboration
privilege escalation
zmmailboxdmgr
local

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

9.5%

JSON

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The zmmailboxdmgr binary, a component of ZCS, is intended to be executed by the zimbra user with root privileges for specific mailbox operations. However, an attacker can escalate privileges from the zimbra user to root, because of improper handling of input arguments. An attacker can execute arbitrary commands with elevated privileges, leading to local privilege escalation.

Affected configurations

Nvd
Node
zimbracollaborationRange10.0.010.0.7
OR
zimbracollaborationMatch9.0.0-
OR
zimbracollaborationMatch9.0.0p0
OR
zimbracollaborationMatch9.0.0p1
OR
zimbracollaborationMatch9.0.0p10
OR
zimbracollaborationMatch9.0.0p11
OR
zimbracollaborationMatch9.0.0p12
OR
zimbracollaborationMatch9.0.0p13
OR
zimbracollaborationMatch9.0.0p14
OR
zimbracollaborationMatch9.0.0p15
OR
zimbracollaborationMatch9.0.0p16
OR
zimbracollaborationMatch9.0.0p19
OR
zimbracollaborationMatch9.0.0p2
OR
zimbracollaborationMatch9.0.0p20
OR
zimbracollaborationMatch9.0.0p21
OR
zimbracollaborationMatch9.0.0p23
OR
zimbracollaborationMatch9.0.0p24
OR
zimbracollaborationMatch9.0.0p24.1
OR
zimbracollaborationMatch9.0.0p25
OR
zimbracollaborationMatch9.0.0p26
OR
zimbracollaborationMatch9.0.0p27
OR
zimbracollaborationMatch9.0.0p3
OR
zimbracollaborationMatch9.0.0p30
OR
zimbracollaborationMatch9.0.0p31
OR
zimbracollaborationMatch9.0.0p32
OR
zimbracollaborationMatch9.0.0p33
OR
zimbracollaborationMatch9.0.0p34
OR
zimbracollaborationMatch9.0.0p35
OR
zimbracollaborationMatch9.0.0p36
OR
zimbracollaborationMatch9.0.0p37
OR
zimbracollaborationMatch9.0.0p38
OR
zimbracollaborationMatch9.0.0p4
OR
zimbracollaborationMatch9.0.0p5
OR
zimbracollaborationMatch9.0.0p6
OR
zimbracollaborationMatch9.0.0p7
OR
zimbracollaborationMatch9.0.0p7.1
OR
zimbracollaborationMatch9.0.0p8
OR
zimbracollaborationMatch9.0.0p9
VendorProductVersionCPE
zimbracollaboration*cpe:2.3:a:zimbra:collaboration:*:*:*:*:*:*:*:*
zimbracollaboration9.0.0cpe:2.3:a:zimbra:collaboration:9.0.0:-:*:*:*:*:*:*
zimbracollaboration9.0.0cpe:2.3:a:zimbra:collaboration:9.0.0:p0:*:*:*:*:*:*
zimbracollaboration9.0.0cpe:2.3:a:zimbra:collaboration:9.0.0:p1:*:*:*:*:*:*
zimbracollaboration9.0.0cpe:2.3:a:zimbra:collaboration:9.0.0:p10:*:*:*:*:*:*
zimbracollaboration9.0.0cpe:2.3:a:zimbra:collaboration:9.0.0:p11:*:*:*:*:*:*
zimbracollaboration9.0.0cpe:2.3:a:zimbra:collaboration:9.0.0:p12:*:*:*:*:*:*
zimbracollaboration9.0.0cpe:2.3:a:zimbra:collaboration:9.0.0:p13:*:*:*:*:*:*
zimbracollaboration9.0.0cpe:2.3:a:zimbra:collaboration:9.0.0:p14:*:*:*:*:*:*
zimbracollaboration9.0.0cpe:2.3:a:zimbra:collaboration:9.0.0:p15:*:*:*:*:*:*
Rows per page:
1-10 of 381

Related

cvelist 1
vulnrichment 1
cve 1
cvelist
cvelist
CVE-2024-27442
2024-08-12 00:00:00
vulnrichment
vulnrichment
CVE-2024-27442
2024-08-12 00:00:00
cve
cve
CVE-2024-27442
2024-08-12 15:15:20

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

9.5%

JSON
Related for NVD:CVE-2024-27442
cvelist1vulnrichment1cve1