Threat Advisory

Zimbra Affected with a Zero-Day Vulnerability

October 21, 2022 | By Accorian

Zimbra recently released patches for a vulnerability in its enterprise collaboration software that was being aggressively abused and that could be used to upload arbitrary files to affected instances. The bug is tracked as CVE-2022-41352 and has a CVSS rating of 9.8. The flaw affects the Amavis component of the Zimbra suite. Amavis is an open-source content filter that uses the cpio tool to scan and extract archives. According to Zimbra, an attacker can use the cpio package to gain incorrect access to other user accounts.

To exploit the vulnerability, an attacker must send an email containing a specially constructed TAR archive attachment. When Amavis receives the email, it submits the message for scanning, and the exploit is triggered when the cpio module is used on the archive. According to the incident response report, approximately 1,600 Zimbra servers are infected.

Zimbra fixed this vulnerability in ZCS version 9.0.0 P27 and Zimbra 8.8.15 Patch 34 by replacing the vulnerable component (cpio) with pax, which removes the weak link that allows exploitation. Accorian encourages all Zimbra users to update to the most recent versions.
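A patch-level check against the two fixed releases named above, as an added example that is not Zimbra's or Accorian's own tooling. It assumes the one-line version format printed by `zmcontrol -v`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify a Zimbra version line against the fixed builds
# named in this advisory (9.0.0 P27 and 8.8.15 Patch 34).
# Assumption: the line looks like the output of `zmcontrol -v`, e.g.
#   Release 8.8.15_GA_3869.UBUNTU18.64 UBUNTU18_64 FOSS edition, Patch 8.8.15_P34.

# Print "patched", "vulnerable" or "unknown" for one version line.
zcs_status() {
    # First three numeric components after "Release" (8.8.15, 9.0.0, ...).
    release=$(printf '%s\n' "$1" | head -n 1 |
        sed -n 's/.*Release[[:space:]]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    # Patch number from "Patch 8.8.15_P34"; a missing Patch field counts as 0.
    patch=$(printf '%s\n' "$1" | head -n 1 |
        sed -n 's/.*Patch[[:space:]]*[0-9.]*_P\([0-9][0-9]*\).*/\1/p')
    patch=${patch:-0}

    # Only the two release lines named in the advisory have a known fixed
    # patch level; anything else is reported as unknown rather than guessed.
    case $release in
        9.0.0)  fixed=27 ;;
        8.8.15) fixed=34 ;;
        *)      echo unknown; return 0 ;;
    esac

    if [ "$patch" -ge "$fixed" ]; then
        echo patched
    else
        echo vulnerable
    fi
}

# The fix swaps cpio for pax, so the pax binary has to exist on the host.
pax_present() {
    command -v pax >/dev/null 2>&1
}

# On a real host (run as the zimbra user) report both checks; elsewhere
# this part is skipped because zmcontrol is not on PATH.
if command -v zmcontrol >/dev/null 2>&1; then
    echo "ZCS patch level: $(zcs_status "$(zmcontrol -v)")"
    if pax_present; then echo "pax: installed"; else echo "pax: missing"; fi
fi
```

A result of `unknown` means the release line is not one of the two named in this advisory and needs a manual check.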

Accorian can help identify this vulnerability in your environment. 


Threat Advisory Team 

