Lucene search

[email protected]CVE-2022-28764

HistoryNov 14, 2022 - 9:15 p.m.

CVE-2022-28764

2022-11-1421:15:13

CWE-459

CWE-200

[email protected]

web.nvd.nist.gov

398

cve-2022-28764

zoom

meetings

android

ios

linux

macos

windows

vulnerability

local information exposure

sql database

encryption

nvd

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting that database results in a local malicious user being able to obtain meeting information such as in-meeting chat for the previous meeting attended from that local user account.

Affected configurations

NVD

Node

zoommeetingsRange<5.12.6android

zoommeetingsRange<5.12.6iphone_os

zoommeetingsRange<5.12.6linux

zoommeetingsRange<5.12.6macos

zoommeetingsRange<5.12.6windows

zoomroomsRange<5.12.6android

zoomroomsRange<5.12.6iphone_os

zoomroomsRange<5.12.6linux

zoomroomsRange<5.12.6macos

zoomroomsRange<5.12.6windows

zoomvdi_windows_meeting_clientsRange<5.12.6

CPENameOperatorVersion
zoom:meetingszoom meetingslt5.12.6
zoom:roomszoom roomslt5.12.6
zoom:vdi_windows_meeting_clientszoom vdi windows meeting clientslt5.12.6

CPE	Name	Operator	Version
zoom:meetings	zoom meetings	lt	5.12.6
zoom:rooms	zoom rooms	lt	5.12.6
zoom:vdi_windows_meeting_clients	zoom vdi windows meeting clients	lt	5.12.6

CNA Affected

[
  {
    "vendor": "Zoom Video Communications Inc",
    "product": "Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows)",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "5.12.6",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Zoom Video Communications Inc",
    "product": "Zoom VDI Windows Meeting Clients",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "5.12.6",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Zoom Video Communications Inc",
    "product": "Zoom Rooms for Conference Room (for Android, iOS, Linux, macOS, and Windows)",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "5.12.6",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]