CVE-2024-27442 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-27442 PUBLISHED CVSS 7.800000190734863 HIGH

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The zmmailboxdmgr binary, a component of ZCS, is intended to be executed by the zimbra user with root privileges for specific mailbox operations. However, an attacker can escalate privileges from the zimbra user to root, because of improper handling of input arguments. An attacker can execute arbitrary commands with elevated privileges, leading to local privilege escalation.

EPSS 0.04% · 11.1th percentile

Risk Scores

CVSS v3.1

7.800000190734863

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.04%

11.1th percentile

Affected Products

Vendor	Product	Versions
zimbra	collaboration	10.0, 9.0
n/a	n/a	*
zimbra	collaboration	9.0.0, 9.0.0, 9.0.0

Timeline

Feb 28, 2024 CVE Published
Aug 13, 2024 EPSS Score
Sep 2, 2024 EPSS Score
Sep 23, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Oct 13, 2024 EPSS Score
Nov 2, 2024 EPSS Score
Nov 22, 2024 EPSS Score
Dec 14, 2024 EPSS Score
Jan 3, 2025 EPSS Score
Jan 23, 2025 EPSS Score
Feb 12, 2025 EPSS Score

References

Open in Interactive Console →