Debugging port misconfiguration in Zoom Apps in the Zoom Client for Meetings for macOS

CVE-2022-28762

7.3HIGH

Key Information

Vendor
Zoom
Status
Zoom Client For Meetings For Mac OS
Vendor
CVE Published:
14 October 2022

Summary

Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0 contains a debugging port misconfiguration. When camera mode rendering context is enabled as part of the Zoom App Layers API by running certain Zoom Apps, a local debugging port is opened by the Zoom client. A local malicious user could use this debugging port to connect to and control the Zoom Apps running in the Zoom client.

Affected Version(s)

Zoom Client for Meetings for MacOS < next of 5.10.6

Zoom Client for Meetings for MacOS < 5.12.0

Refferences

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.