Local Privilege Escalation Flaw in Zimbra Collaboration Suite by Zimbra
CVE-2023-24032

7.8HIGH

Key Information:

Vendor: Zimbra
Status: Collaboration
Vendor: CVE Published:; 15 June 2023

What is CVE-2023-24032?

In versions 9.0 and 8.8.15 of the Zimbra Collaboration Suite, an attacker who initially has user access to a Zimbra server can exploit a flaw by modifying JVM arguments, which allows them to execute commands with root privileges. This potential for local privilege escalation poses significant risks to the integrity and confidentiality of the system. Users are advised to apply security patches and follow best practices for access control.

References

https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories

https://wiki.zimbra.com/wiki/Security_Center

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 15, 2023
Vulnerability Reserved
Jan 20, 2023