Local Privilege Escalation Vulnerability in Zimbra Collaboration Suite (ZCS) Versions 9.0.0 and Prior

Local Privilege Escalation Vulnerability in Zimbra Collaboration Suite (ZCS) Versions 9.0.0 and Prior

CVE-2022-3569 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively coerce postfix into running arbitrary commands as 'root'.

Learn more about our User Device Pen Test.