Oct 24, 2022 - 12:00 a.m.

CVE-2022-28763 Improper URL parsing in Zoom Clients

2022-10-24 00:00:00
CWE-20
Zoom
www.cve.org
zoom
clients
vulnerability
url parsing
version 5.12.2
security

CVSS3: 8.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 9.5 High (Confidence: High)

EPSS: 0.002 Low (Percentile: 57.5%)

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attacks including session takeovers.

CNA Affected

[
  {
    "vendor": "Zoom Video Communications Inc",
    "product": "Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows)",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "5.12.2",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Zoom Video Communications Inc",
    "product": "Zoom VDI Windows Meeting Clients",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "5.12.2",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Zoom Video Communications Inc",
    "product": "Zoom Rooms for Conference Room (for Android, iOS, Linux, macOS, and Windows)",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "5.12.2",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]
