Active Exploitation of Critical Vulnerability in Zimbra Collaboration Suite

Published on 17 Oct 2022

Updated on 18 Oct 2022

Zimbra has released security fixes for a critical remote code execution (RCE) vulnerability (CVE-2022-41352) in its Zimbra Collaboration Suite (ZCS) products. The vulnerability can be exploited by sending an email with a malicious archive attachment that plants a webshell. It is reportedly being actively exploited.

All ZCS instances using cpio, a general file archiver utility, are affected by this vulnerability. The latest ZCS version, 9.0.0 P27, replaces the vulnerable component, cpio, with pax, which performs a similar function.

Administrators and users of affected products are advised to upgrade to the latest version immediately.

More information is available here:
https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P27
https://nvd.nist.gov/vuln/detail/CVE-2022-41352