CVE-2022-28763

History: Oct 31, 2022 - 8:15 p.m. (2022-10-31 20:15:12)
CWE: CWE-601, CWE-20
Source: web.nvd.nist.gov
Tags: zoom, client, meetings, vulnerability, url parsing, cve-2022-28763, nvd

CVSS3: 9.6 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score: 9.2 High (Confidence: High)
EPSS: 0.002 Low (Percentile: 57.4%)

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attacks including session takeovers.

Affected configurations

NVD

Node (entries joined by OR):
zoom meetings, Range <5.12.2, android
zoom meetings, Range <5.12.2, iphone_os
zoom meetings, Range <5.12.2, linux
zoom meetings, Range <5.12.2, macos
zoom meetings, Range <5.12.2, windows
zoom rooms_for_conference_rooms, Range <5.12.2, android
zoom rooms_for_conference_rooms, Range <5.12.2, iphone_os
zoom rooms_for_conference_rooms, Range <5.12.2, linux
zoom rooms_for_conference_rooms, Range <5.12.2, macos
zoom rooms_for_conference_rooms, Range <5.12.2, windows
zoom virtual_desktop_infrastructure, Range <5.12.2, windows

CNA Affected

[
  {
    "vendor": "Zoom Video Communications Inc",
    "product": "Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows)",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "5.12.2",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Zoom Video Communications Inc",
    "product": "Zoom VDI Windows Meeting Clients",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "5.12.2",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Zoom Video Communications Inc",
    "product": "Zoom Rooms for Conference Room (for Android, iOS, Linux, macOS, and Windows)",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "5.12.2",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]
