Improper URL parsing in Zoom Clients

CVE-2022-28763

8.8HIGH

Key Information

Vendor
Zoom
Status
Zoom Client For Meetings (for Android, iOS, Linux, Mac OS, And Windows)
Zoom Vdi Windows Meeting Clients
Zoom Rooms For Conference Room (for Android, iOS, Linux, Mac OS, And Windows)
Vendor
CVE Published:
31 October 2022

Summary

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attacks including session takeovers.

Affected Version(s)

Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) < 5.12.2

Zoom VDI Windows Meeting Clients < 5.12.2

Zoom Rooms for Conference Room (for Android, iOS, Linux, macOS, and Windows) < 5.12.2

Refferences

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.