Improper URL parsing in Zoom Clients

CVE-2022-28763

8.8HIGH

Key Information

Vendor: Zoom
Status: Zoom Client For Meetings (for Android, iOS, Linux, Mac OS, And Windows); Zoom Vdi Windows Meeting Clients; Zoom Rooms For Conference Room (for Android, iOS, Linux, Mac OS, And Windows)
Vendor: CVE Published:; 31 October 2022

Summary

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attacks including session takeovers.

Affected Version(s)

Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) < 5.12.2

Zoom VDI Windows Meeting Clients < 5.12.2

Zoom Rooms for Conference Room (for Android, iOS, Linux, macOS, and Windows) < 5.12.2

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Risk change from: 9.6 to: 8.8 - (HIGH)
Feb 22, 2024
Vulnerability published.
Oct 31, 2022
Vulnerability Reserved.
Apr 6, 2022

Collectors

NVD DatabaseMitre Database