Improper URL parsing in Zoom Clients
CVE-2022-28763
8.8HIGH
Key Information
- Vendor
- Zoom
- Status
- Zoom Client For Meetings (for Android, iOS, Linux, Mac OS, And Windows)
- Zoom Vdi Windows Meeting Clients
- Zoom Rooms For Conference Room (for Android, iOS, Linux, Mac OS, And Windows)
- Vendor
- CVE Published:
- 31 October 2022
Summary
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attacks including session takeovers.
Affected Version(s)
Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) < 5.12.2
Zoom VDI Windows Meeting Clients < 5.12.2
Zoom Rooms for Conference Room (for Android, iOS, Linux, macOS, and Windows) < 5.12.2
Refferences
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database