CVE-2024-27442
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published Aug 12, 2024
Updated: Aug 13, 2024
CWE ID 755
CWE ID 269
Summary
CVE-2024-27442 is a privilege escalation vulnerability affecting Zimbra Collaboration (ZCS) versions 9.0 and 10.0. The zmmailboxdmgr binary, which runs with root privileges for specific mailbox operations, contains an issue that allows an attacker to escalate privileges from the zimbra user to root. This is due to improper handling of input arguments. Consequently, an attacker can execute arbitrary commands with elevated privileges, exploiting this local vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Zimbra Collaboration Suite
Affected Vendors
- Zimbra