Lucene search

[email protected]CVE-2022-28759

HistoryOct 14, 2022 - 3:15 p.m.

CVE-2022-28759

2022-10-1415:15:15

CWE-284

[email protected]

web.nvd.nist.gov

zoom

on-premise

meeting connector

mmr

access control

vulnerability

nvd

cve-2022-28759

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

8.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.9%

JSON

Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions.

Affected configurations

NVD

Node

zoomzoom_on-premise_meeting_connector_mmrRange<4.8.20220815.130

CPENameOperatorVersion
zoom:zoom_on-premise_meeting_connector_mmrzoom zoom on-premise meeting connector mmrlt4.8.20220815.130

CPE	Name	Operator	Version
zoom:zoom_on-premise_meeting_connector_mmr	zoom zoom on-premise meeting connector mmr	lt	4.8.20220815.130

CNA Affected

[
  {
    "vendor": "Zoom Video Communications Inc",
    "product": "Zoom On-Premise Meeting Connector MMR",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "4.8.20220815.130",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

explore.zoom.us/en/trust/security/security-bulletin/

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

8.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.9%

JSON

Related for CVE-2022-28759

cvelist1 prion1 nvd1