Improper Access Control in Pexip Infinity Product by Pexip
CVE-2022-25357

5.3MEDIUM

Key Information:

Vendor: Pexip
Status: Pexip Infinity
Vendor: CVE Published:; 17 July 2022

What is CVE-2022-25357?

Versions of Pexip Infinity prior to 27.2 exhibit improper access control vulnerabilities, permitting unauthorized users to join secured conferences that are configured with a lock but without a required PIN. This flaw can potentially compromise the integrity and confidentiality of the meetings, as it allows attackers to circumvent the intended access restrictions.

References

https://docs.pexip.com/admin/security_bulletins.htm#CVE-2...

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 17, 2022
Vulnerability Reserved
Feb 18, 2022

JSON