CVE-2024-27442

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Aug 12, 2024
Updated: Aug 13, 2024
CWE ID 755
CWE ID 269

Summary

CVE-2024-27442 is a privilege escalation vulnerability affecting Zimbra Collaboration (ZCS) versions 9.0 and 10.0. The zmmailboxdmgr binary, which runs with root privileges for specific mailbox operations, contains an issue that allows an attacker to escalate privileges from the zimbra user to root. This is due to improper handling of input arguments. Consequently, an attacker can execute arbitrary commands with elevated privileges, exploiting this local vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Zimbra Collaboration Suite

Affected Vendors

  • Zimbra