
KLA12567 RCE vulnerability in Zoom

2022-06-14 00:00:00
Kaspersky Lab
threats.kaspersky.com
zoom
remote code execution
update
vulnerability
malicious users
arbitrary code execution
windows

CVSS2

Score: 6.9
Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

Score: 7.8
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 8.1
Confidence: Low

EPSS: 0.001
Percentile: 26.4%

A remote code execution vulnerability was found in Zoom. Malicious users can exploit this vulnerability to execute arbitrary code.

Original advisories

Zoom Security Bulletin

CVE list

CVE-2022-22788 unknown

Solution

Update to the latest version

Download Zoom

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to an abuser executing any code or commands on the vulnerable machine or in the vulnerable process.

Affected Products

  • Zoom for Windows earlier than 5.10.3
