Debugging port misconfiguration in Zoom Apps in the Zoom Client for Meetings for macOS
CVE-2022-28762
7.3HIGH
Key Information
- Vendor
- Zoom
- Status
- Zoom Client For Meetings For Mac OS
- Vendor
- CVE Published:
- 14 October 2022
Summary
Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0 contains a debugging port misconfiguration. When camera mode rendering context is enabled as part of the Zoom App Layers API by running certain Zoom Apps, a local debugging port is opened by the Zoom client. A local malicious user could use this debugging port to connect to and control the Zoom Apps running in the Zoom client.
Affected Version(s)
Zoom Client for Meetings for MacOS < next of 5.10.6
Zoom Client for Meetings for MacOS < 5.12.0
Refferences
CVSS V3.1
Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database