Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2024-27442 | First vendor Publication | 2024-08-12 |
| Vendor | Cve | Last vendor Modification | 2024-08-13 |
Security-Database Scoring CVSS v3
| Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | |||
|---|---|---|---|
| Overall CVSS Score | 7.8 | ||
| Base Score | 7.8 | Environmental Score | 7.8 |
| impact SubScore | 5.9 | Temporal Score | 7.8 |
| Exploitabality Sub Score | 1.8 | ||
| Attack Vector | Local | Attack Complexity | Low |
| Privileges Required | Low | User Interaction | None |
| Scope | Unchanged | Confidentiality Impact | High |
| Integrity Impact | High | Availability Impact | High |
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : | |||
|---|---|---|---|
| Cvss Base Score | N/A | Attack Range | N/A |
| Cvss Impact Score | N/A | Attack Complexity | N/A |
| Cvss Expoit Score | N/A | Authentication | N/A |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The zmmailboxdmgr binary, a component of ZCS, is intended to be executed by the zimbra user with root privileges for specific mailbox operations. However, an attacker can escalate privileges from the zimbra user to root, because of improper handling of input arguments. An attacker can execute arbitrary commands with elevated privileges, leading to local privilege escalation. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27442 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-755 | Improper Handling of Exceptional Conditions |
CPE : Common Platform Enumeration
Sources (Detail)
| Source | Url |
|---|
Alert History
| Date | Informations |
|---|---|
| 2024-10-22 03:04:06 |
|
| 2024-10-08 02:49:30 |
|
| 2024-10-04 02:48:36 |
|
| 2024-08-14 17:27:25 |
|
| 2024-08-13 21:27:28 |
|
| 2024-08-13 00:27:25 |
|
| 2024-08-12 21:27:26 |
|
