EPSS Calculator | SecOps Solution

EPSS Calculator

Following are the CVE details!

Oops! Something went wrong while submitting the form.

0.06%

EPSS Score

35.13%

CPR Score

Vulnerability ID

CVE-2022-3569

Severity

High

Severity Score

7.8

Summary

Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively coerce postfix into running arbitrary commands as 'root'.

References

https://github.com/rapid7/metasploit-framework/pull/17141 https://twitter.com/ldsopreload/status/1580539318879547392 http://packetstormsecurity.com/files/169430/Zimbra-Privilege-Escalation.html

Mitigation and Patches

https://github.com/rapid7/metasploit-framework/pull/17141

Exploits

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/zimbra_postfix_priv_esc.rb https://github.com/rapid7/metasploit-framework/pull/17141 http://packetstormsecurity.com/files/169430/Zimbra-Privilege-Escalation.html

Metasploit Payload

https://twitter.com/ldsopreload/status/1580539318879547392 https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/zimbra_postfix_priv_esc.rb

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE ID

CWE-89

Workspace

Number of Users

1000

1000

1000

Send Unlimited Emails

100

500

1000

Campaigns & Newsletters

100

500

2000

Email Template Library

1000

1000

1000

Tags & Custom Fields

ROI & Conversion Tracking

1000

Multi-User Access

1000

ROI & Conversion Tracking

Media & Integration

Google Sheets

1000

2000

3000

Google Analytics

100

200

300

Unsplash

1000

1000

1000

Brandfetch

Youtube

Icons8

500

800

1600

Want to act on these EPSS scores?

See SecOps Solution
in action