A severe remote code execution vulnerability in Zimbra’s enterprise collaboration software and email platform is being actively exploited, with no patch currently available to remediate the issue.
The shortcoming, assigned CVE-2022-41352, carries a critical-severity rating of CVSS 9.8, providing a pathway for attackers to upload arbitrary files and carry out malicious actions on affected installations.
“The vulnerability is due to the method (cpio) in which Zimbra’s antivirus engine (Amavis) scans inbound emails,” cybersecurity firm Rapid7 said in an analysis published this week.
The issue is said to have been abused since early September 2022, according to details shared on Zimbra forums. While a fix is yet to be released, the software services company is urging users to install the “pax” utility and restart the Zimbra services.
“If the pax package is not installed, Amavis will fall-back to using cpio, unfortunately the fall-back is implemented poorly (by Amavis) and will allow an unauthenticated attacker to create and overwrite files on the Zimbra server, including the Zimbra webroot,” the company said last month.
