EPSS Calculator | SecOps Solution

EPSS Calculator

Following are the CVE details!

Oops! Something went wrong while submitting the form.

0.06%

EPSS Score

35.13%

CPR Score

Vulnerability ID

CVE-2022-3569

Severity

High

Severity Score

7.8

Summary

Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively coerce postfix into running arbitrary commands as 'root'.

References

https://github.com/rapid7/metasploit-framework/pull/17141 https://twitter.com/ldsopreload/status/1580539318879547392 http://packetstormsecurity.com/files/169430/Zimbra-Privilege-Escalation.html

Mitigation and Patches

https://github.com/rapid7/metasploit-framework/pull/17141

Exploits

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/zimbra_postfix_priv_esc.rb https://github.com/rapid7/metasploit-framework/pull/17141 http://packetstormsecurity.com/files/169430/Zimbra-Privilege-Escalation.html

Metasploit Payload

https://twitter.com/ldsopreload/status/1580539318879547392 https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/zimbra_postfix_priv_esc.rb

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE ID

CWE-89

Workspace

Number of Users

1000

1000

1000

Send Unlimited Emails

100

500

1000

Campaigns & Newsletters

100

500

2000

Email Template Library

1000

1000

1000

Tags & Custom Fields

ROI & Conversion Tracking

1000

Multi-User Access

1000

ROI & Conversion Tracking

Media & Integration

Google Sheets

1000

2000

3000

Google Analytics

100

200

300

Unsplash

1000

1000

1000

Brandfetch

Youtube

Icons8

500

800

1600

See SecOps Solution
in action

Trusted By

Frequently Asked Questions

Feeling unsure? These might help!

Do I need a credit card for the Trial?

Nope. Just put in your email, create an account and start scanning!

Your platform is Agent-less. Can I scan my private servers?

Yes you can. Infact 95% of our customers use our SaaS platform to perform scans on their private servers.

Do you guys have on-prem installation as an option?

Yes, we do!

I am a Managed Security Service Provider(MSSP). And I am frustrated with Nessus reporting. Can you help?

We have special MSSP license with advanced reporting capabilities and multi-tenant support.

I have another security product and I want to integrate SecOps scanners. Do you support this?

Yes indeed! We have simple APIs built on open API 3 standard with detailed documentation to help you integrate.

Do you offer referral programs?

Not yet but watch this space for more soon!