NVD:CVE-2022-28763
Oct 31, 2022 - 8:15 p.m.

CVE-2022-28763

2022-10-31 20:15:12
CWE-20
CWE-601
web.nvd.nist.gov
zoom client
url parsing
vulnerability
android
ios
linux
macos
windows
network address
session takeover

CVSS3: 9.6 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS: 0.002 Low
Percentile: 57.5%

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attacks including session takeovers.

Affected configurations

NVD
Node
zoom meetings, Range <5.12.2, android
OR
zoom meetings, Range <5.12.2, iphone_os
OR
zoom meetings, Range <5.12.2, linux
OR
zoom meetings, Range <5.12.2, macos
OR
zoom meetings, Range <5.12.2, windows
OR
zoom rooms_for_conference_rooms, Range <5.12.2, android
OR
zoom rooms_for_conference_rooms, Range <5.12.2, iphone_os
OR
zoom rooms_for_conference_rooms, Range <5.12.2, linux
OR
zoom rooms_for_conference_rooms, Range <5.12.2, macos
OR
zoom rooms_for_conference_rooms, Range <5.12.2, windows
OR
zoom virtual_desktop_infrastructure, Range <5.12.2, windows
