The vulnerability of Zoom video conferencing software for Windows lies in the improper checking of the currently installed software version during updates. This allows a malicious individual to circumvent certain security restrictions.

🗓️ 06 Jun 2022 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 2 Views

Zoom for Windows fails to verify installed version during updates, enabling remote bypass of security restrictions.

Reporter	Title	Published	Views	Family All 17
ATTACKERKB	CVE-2022-22786	17 May 202212:00	–	attackerkb
Circl	CVE-2022-22786	18 May 202220:28	–	circl
CNNVD	多款Zoom产品安全漏洞	18 May 202200:00	–	cnnvd
CVE	CVE-2022-22786	18 May 202215:42	–	cve
Cvelist	CVE-2022-22786 Update package downgrade in Zoom Client for Meetings for Windows	18 May 202215:42	–	cvelist
EUVD	EUVD-2022-27929	3 Oct 202520:07	–	euvd
Kaspersky	KLA12539 Multiple vulnerabilities in Zoom	17 May 202200:00	–	kaspersky
Malwarebytes	Insights into your unpatched vulnerabilities	11 Dec 202310:17	–	malwarebytes
NVD	CVE-2022-22786	18 May 202216:15	–	nvd
OpenVAS	Zoom Client < 5.10.0 Multiple Vulnerabilities (ZSB-22006, ZSB-22007, ZSB-22008, ZSB-22009) - Windows	19 May 202200:00	–	openvas

Vulners

Node

zoom_video_communications,zoom_client_for_meetingsRange<5.10.0

OR

zoom_video_communications,zoom_rooms_for_conference_roomRange<5.10.0

Source	Link
explore	www.explore.zoom.us/en/trust/security/security-bulletin/
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2022052417
vuldb	www.vuldb.com/
web	www.web.nvd.nist.gov/view/vuln/detail

06 Jun 2022 00:00Current

7.9High risk

Vulners AI Score7.9

CVSS 37.5

CVSS 27.6

EPSS0.00331

Zoom Windows Version check Updates Security restrictions Remote bypass