What is CVE-2022-3569?

CVE-2022-3569 is a vulnerability in Synacor Zimbra Collaboration Suite (Zcs), classified under Privilege Dropping / Lowering Errors. Published 2022-10-17.

Is CVE-2022-3569 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Synacor Zimbra Collaboration Suite (Zcs)

CVE-2022-3569

Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively coerce postfix into running arbitrary co…

EPSS: 0.028 (86.5th percentile) — read the EPSS interpretation.

Affected products

Synacor Zimbra Collaboration Suite (Zcs) — versions 9.0.0

Weakness classification (CWE)

CWE-271 — Privilege Dropping / Lowering Errors

Public proof-of-concept exploits

rapid7/metasploit-framework
ARPSyndicate/cvemon

References

twitter.com/ldsopreload/status/1580539318879547392
github.com/rapid7/metasploit-framework/pull/17141
packetstormsecurity.com/files/169430/Zimbra-Privilege-Escalation.html

Frequently asked questions

What is CVE-2022-3569?: CVE-2022-3569 is a vulnerability in Synacor Zimbra Collaboration Suite (Zcs), classified under Privilege Dropping / Lowering Errors. Published 2022-10-17.
Is CVE-2022-3569 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.