CVE-2022-41352 Zimbra Collaboration (ZCS) Vulnerability

CVE: CVE-2022-41352

Vendor: Zimbra

Software: Collaboration (ZCS)

Date Last Updated: 10/24/2022

CVSS Score: 9.8

CVSS Severity: Critical

EPSS Probability: 0.14903

EPSS Percentile: 95.739

CISA KEV Date Added: 10/24/2022

CISA KEV Due Date: 11/10/2022

Nucleus Security Research Team Analysis

Security Researcher: Ryan Cribelar
Last Updated: October 24th, 2022

First disclosed on the Zimbra forums on September 25, CVE-2022-41352 was a zero-day: it was already being exploited in the wild when it became public, and up to 876 Zimbra servers were reported compromised during a wave of mass exploitation. The vulnerability lies in the way Amavis (the content filter that performs Zimbra's antivirus scanning) unpacks inbound emails and their attachments: when the pax utility is not installed, Amavis falls back to the system cpio, and the outdated cpio on affected hosts can be made to write extracted files outside the intended directory, giving an unauthenticated sender an arbitrary file write on the server. The official security advisory is linked below, as is Zimbra's follow-up notice warning administrators to install the pax package, since pax is the tool Amavis should be using to extract the contents of compressed attachments.

Zimbra points out that pax should already be present as a dependency of Zimbra; however, some CentOS installations may be missing the package. Going forward, pax will be a hard requirement for Zimbra installations so that Amavis behaves properly when assessing attachments. Updating to 9.0.0 P27 resolves this and several other vulnerabilities.
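As an added example (not code from Zimbra, Nucleus, or the advisory), the following POSIX shell script checks the two conditions above on a ZCS host: whether pax is present ahead of cpio on the PATH, since Amavis's default decoder entry for cpio archives tries pax, then gcpio, then cpio, and whether the installed 9.0.0 patch level is at or past P27. The `zmcontrol -v` output format it parses, the `/opt/zimbra/bin` path, and the `yum` and `zmamavisdctl` commands in the remediation hint are assumptions about a typical CentOS install; the version strings in the comments are constructed samples.

```shell
#!/bin/sh
# Added example, not Zimbra's or Nucleus's code: assess a ZCS host for
# CVE-2022-41352 exposure. Run as the zimbra user (zmcontrol requires it).

# Amavis's default decoder entry for cpio archives tries, in order,
# pax, gcpio and cpio. Report the first one found on the given PATH
# (defaults to $PATH). "cpio"/"gcpio" means the vulnerable fallback is
# what Amavis will use; "pax" means Zimbra's mitigation is in place.
archive_decoder() {
    search_path="${1:-$PATH}"
    for tool in pax gcpio cpio; do
        old_ifs=$IFS
        IFS=:
        for dir in $search_path; do
            if [ -f "$dir/$tool" ] && [ -x "$dir/$tool" ]; then
                IFS=$old_ifs
                echo "$tool"
                return 0
            fi
        done
        IFS=$old_ifs
    done
    echo none
    return 1
}

# Given the text of `zmcontrol -v` (assumed format; constructed sample:
# "Release 9.0.0.GA.4258.UBUNTU20.64 UBUNTU20_64 FOSS edition, Patch 9.0.0_P26."),
# return 0 if the 9.0.0 patch level is at or past P27 (the release the
# advisory names as containing the fix), 1 if it is older, and 2 if no
# 9.0.0 patch level can be found in the text at all.
patched_for_41352() {
    patch=$(printf '%s\n' "$1" \
        | sed -n 's/.*Patch 9\.0\.0_P\([0-9][0-9]*\).*/\1/p' | head -n 1)
    [ -n "$patch" ] || return 2
    [ "$patch" -ge 27 ]
}

# Combine both checks against the live host and print a verdict.
assess_host() {
    # Path to zmcontrol is an assumption about a standard ZCS install.
    version=$(/opt/zimbra/bin/zmcontrol -v 2>/dev/null || true)
    decoder=$(archive_decoder) || true
    if patched_for_41352 "$version"; then
        echo "fixed: ZCS reports $version"
        return 0
    fi
    case "$decoder" in
        pax)
            echo "mitigated: pax is installed, Amavis will not fall back to cpio"
            echo "note: still schedule the 9.0.0 P27 update"
            return 0 ;;
        *)
            echo "VULNERABLE: pax missing; first decoder Amavis finds: $decoder"
            # Remediation commands assumed for CentOS; adjust for your distro.
            echo "remediate: yum install pax && zmamavisdctl restart"
            return 1 ;;
    esac
}

# Only touch the live host when explicitly asked, so the functions can be
# sourced and exercised against constructed inputs without side effects.
if [ "${1:-}" = "--live" ]; then
    assess_host
fi
```

Run it as the zimbra user with `--live` to assess the host; the exit status is 0 when the host is fixed or mitigated and 1 when it is still exposed, which makes it easy to drop into a fleet-wide sweep. The decoder check deliberately mirrors the order Amavis itself uses rather than just asking "is pax installed", so a pax binary that is present but not executable or not on Amavis's PATH is correctly reported as still exposed.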

Security Advisory:

https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P27