Lucene search

[email protected]CVE-2022-28768

HistoryNov 17, 2022 - 11:15 p.m.

CVE-2022-28768

2022-11-1723:15:15

CWE-689

CWE-362

[email protected]

web.nvd.nist.gov

cve-2022-28768

zoom

macos

installer

vulnerability

privilege escalation

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

The Zoom Client for Meetings Installer for macOS (Standard and for IT Admin) before version 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to root.

Affected configurations

NVD

Node

zoommeetingsRange<5.12.6macos

CPENameOperatorVersion
zoom:meetingszoom meetingslt5.12.6

CPE	Name	Operator	Version
zoom:meetings	zoom meetings	lt	5.12.6

CNA Affected

[
  {
    "vendor": "Zoom Video Communications Inc",
    "product": "Zoom Client for Meetings Installer for macOS (Standard and for IT Admin)",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "5.12.6",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

explore.zoom.us/en/trust/security/security-bulletin/

Social References

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2022-28768

prion1 nvd1 openvas1 cvelist1