Lucene search
HistoryOct 14, 2022 - 3:15 p.m.
CVE-2022-28759
zoom on-premise meeting connector
mmr
access control vulnerability
meeting disruptions
CVSS3
8.6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
EPSS
0.002
Percentile
54.8%
Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions.
Affected configurations
Node
zoomzoom_on-premise_meeting_connector_mmrRange<4.8.20220815.130
| Vendor | Product | Version | CPE |
|---|---|---|---|
| zoom | zoom_on-premise_meeting_connector_mmr | * | cpe:2.3:a:zoom:zoom_on-premise_meeting_connector_mmr:*:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2022-28759 Zoom On-Premise Deployments: Improper Access Control
2022-10-14 14:51:20
cve
cve
CVE-2022-28759
2022-10-14 15:15:15
prion
prion
Improper access control
2022-10-14 15:15:00
CVSS3
8.6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
EPSS
0.002
Percentile
54.8%
Related for NVD:CVE-2022-28759