# (CVE-2022-41352) Zimbra Unauthenticated RCE

> CVE-2022-41352 is an arbitrary file write vulnerability in Zimbra mail servers due to the use of a vulnerable `cpio` version.

- [CVE-2022-41352 (](
- [CVE-2022-41352 (Rapid7 Analysis)](

**Affected [Zimbra versions](**
- Zimbra <9.0.0.p27
- Zimbra <8.8.15.p34

(Refer to the [patch notes]( for more details.)


In order to fix the vulnerability apply the latest patch (9.0.0.p27 and 8.8.15.p34 respectively) - or install `pax` and restart the server.


You can either use flags or manipulate the default configuration in the script manually (config block at the top).
Use `-h` for help.
$ python -h

$ vi
# Change the config items.

$ python manual
# This will create an attachment that you can then send to the target server.
# The recipient does not necessarily have to exist - if the email with the attachment is parsed by the server the arbitrary file write in cpio will be triggered.


(The above screenshot shows a wrong output for the email body but that has been fixed.)