Lucene search

[email protected]CVE-2022-28753

HistoryAug 11, 2022 - 3:15 p.m.

CVE-2022-28753

2022-08-1115:15:12

CWE-284

[email protected]

web.nvd.nist.gov

zoom

on-premise

meeting connector

mmr

security

vulnerability

access control

cve-2022-28753

meeting disruptions

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.8%

JSON

Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability. As a result, a malicious actor can join a meeting which they are authorized to join without appearing to the other participants, can admit themselves into the meeting from the waiting room, and can become host and cause other meeting disruptions.

Affected configurations

NVD

Node

zoommeeting_connectorRange<4.8.129.20220714

CPENameOperatorVersion
zoom:meeting_connectorzoom meeting connectorlt4.8.129.20220714

CPE	Name	Operator	Version
zoom:meeting_connector	zoom meeting connector	lt	4.8.129.20220714

CNA Affected

[
  {
    "product": "Zoom On-Premise Meeting Connector MMR",
    "vendor": "Zoom Video Communications Inc",
    "versions": [
      {
        "lessThan": "4.8.129.20220714",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

explore.zoom.us/en/trust/security/security-bulletin/

Social References

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.8%

JSON

Related for CVE-2022-28753

nvd1 prion1 cvelist1