CVE-2022-22782

Published: Apr 28, 2022Modified: Nov 21, 2024

7.1

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Exploitability: 1.8 / Impact: 5.2

Source: NVD

Description

The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version 5.10.3, and Zoom VDI Windows Meeting Clients prior to version 5.9.6; was susceptible to a local privilege escalation issue during the installer repair operation. A malicious actor could utilize this to potentially delete system level files or folders, causing integrity or availability issues on the user’s host machine.

Affected (4)

Products: Zoom: Meetings, Rooms For Conference Rooms, Vdi Windows Meeting Clients, Zoom Plugin For Microsoft Outlook

Zoom

4 products

Meetings

Rooms For Conference Rooms

Vdi Windows Meeting Clients

Zoom Plugin For Microsoft Outlook

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Zoom Meetings	Before 5.9.7
Zoom Rooms For Conference Rooms	Before 5.10.0
Zoom Vdi Windows Meeting Clients	Before 5.9.6
Zoom Zoom Plugin For Microsoft Outlook	Before 5.10.3

References (2)

https://explore.zoom.us/en/trust/security/security-bulletin/

Source: security@zoom.us

Vendor Advisory

https://explore.zoom.us/en/trust/security/security-bulletin/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.