Multiple vulnerabilities in Zoom Client



Published: 2022-05-24
Risk: Medium
Patch available: YES
Number of vulnerabilities: 4
CVE-ID: CVE-2022-22787, CVE-2022-22786, CVE-2022-22785, CVE-2022-22784
CWE-ID: CWE-297, CWE-807, CWE-200, CWE-91
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
Zoom Client for Windows
Client/Desktop applications / Office applications

Zoom Client for macOS
Client/Desktop applications / Office applications

Zoom Client for Linux
Client/Desktop applications / Office applications

Zoom Rooms for Windows
Client/Desktop applications / Office applications

Zoom Client for Android
Mobile applications / Apps for mobile phones

Zoom Client for iOS
Mobile applications / Apps for mobile phones

Vendor Zoom Video Communications, Inc.

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Improper validation of certificate with host mismatch

EUVDB-ID: #VU63591

Risk: Medium

CVSSv3.1: 4.9 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-22787

CWE-ID: CWE-297 - Improper Validation of Certificate with Host Mismatch

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a man-in-the-middle (MitM) attack.

The vulnerability exists because the software fails to properly validate the hostname during a server switch request. A remote attacker can perform a man-in-the-middle (MitM) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Zoom Client for Windows: 0.9.10042.0911 - 5.5.4 13142.0301

Zoom Client for Android: 4.6.11 20553.0413 - 5.9.6 4756

Zoom Client for macOS: 4.6.9 19273.0402 - 5.9.6 4993

Zoom Client for Linux: 5.1.418436.0628 - 5.9.6 2225

Zoom Client for iOS: 4.6.10 20012.0407 - 5.9.6 2729

External links

http://explore.zoom.us/en/trust/security/security-bulletin/#ZSB-22009


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Reliance on Untrusted Inputs in a Security Decision

EUVDB-ID: #VU63590

Risk: Low

CVSSv3.1: 3.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-22786

CWE-ID: CWE-807 - Reliance on Untrusted Inputs in a Security Decision

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to improper checking of the currently installed software version when performing a software update. A remote attacker can trick the victim into installing an older software version.
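A downgrade guard of the kind this weakness calls for, as an added example (not Zoom's code and not part of the original bulletin). The function names are hypothetical, the `5.10.0 100` version used in the comments is constructed, and the offered version is assumed to come from authenticated update metadata.

```python
import re


def parse_version(text):
    """Turn '5.9.6 4993' or '5.5.4 13142.0301' into a tuple of ints.

    Raises ValueError for anything that is not digits separated by
    dots or single spaces, so callers can fail closed.
    """
    text = text.strip()
    if not re.fullmatch(r"\d+(?:[. ]\d+)*", text):
        raise ValueError(f"unparsable version: {text!r}")
    return tuple(int(part) for part in re.split(r"[. ]", text))


def may_install(installed, offered):
    """Allow an update only when the offered version is strictly newer.

    Assumption: `offered` is read from authenticated update metadata,
    not from a value the download source can set freely.
    """
    try:
        return parse_version(offered) > parse_version(installed)
    except ValueError:
        return False  # fail closed on malformed version strings


def naive_may_install(installed, offered):
    """Weak pattern for contrast: plain string comparison.

    As strings, '5.10.0 100' sorts before '5.9.6 4993', so this check
    accepts a downgrade from the former to the latter.
    """
    return offered > installed
```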

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Zoom Client for Windows: 5.0.0 23168.0427 - 5.5.4 13142.0301

Zoom Rooms for Windows: 5.0.0 1420.0426 - 5.9.4 990

External links

http://explore.zoom.us/en/trust/security/security-bulletin/#ZSB-22008


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Information disclosure

EUVDB-ID: #VU63588

Risk: Low

CVSSv3.1: 3.1 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-22785

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because the Zoom client fails to properly constrain client session cookies to Zoom domains. A remote attacker can force unsuspecting users to send Zoom-scoped session cookies to a non-Zoom domain and spoof a Zoom user.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Zoom Client for Android: 4.6.11 20553.0413 - 5.9.6 4756

Zoom Client for macOS: 4.6.9 19273.0402 - 5.9.6 4993

Zoom Client for Linux: 5.1.418436.0628 - 5.9.6 2225

Zoom Client for iOS: 4.6.10 20012.0407 - 5.9.6 2729

Zoom Client for Windows: 4.0.35295.0605 - 5.5.4 13142.0301

External links

http://explore.zoom.us/en/trust/security/security-bulletin/#ZSB-22007


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into performing certain actions on the device.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) XML injection

EUVDB-ID: #VU63587

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-22784

CWE-ID: CWE-91 - XML Injection

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to improper input validation when processing XML data inside XMPP messages. A remote attacker can send a specially crafted chat message to break out of the current XMPP message context and spoof messages from other application users or from the server.
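The CWE-91 pattern described above, shown on a generic XMPP `<message>` stanza with the unsafe builder beside a hardened one. This is an added example, not Zoom's code and not part of the original bulletin; the JIDs, function names and chat text are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed JIDs on a reserved documentation domain.
SENDER = "mallory@example.org"
RECIPIENT = "bob@example.org"

# Constructed chat text that closes the current stanza and opens another.
CRAFTED = ('hi</body></message>'
           '<message from="admin@example.org" to="bob@example.org" '
           'type="chat"><body>reset your password')


def build_stanza_unsafe(sender, to, body):
    """Vulnerable pattern: untrusted text is spliced into markup verbatim."""
    return (f'<message from="{sender}" to="{to}" type="chat">'
            f'<body>{body}</body></message>')


def build_stanza_safe(sender, to, body):
    """Hardened pattern: the serializer escapes text and attribute values."""
    msg = ET.Element("message", {"from": sender, "to": to, "type": "chat"})
    ET.SubElement(msg, "body").text = body
    return ET.tostring(msg, encoding="unicode")


def stanzas_seen_by_parser(wire_data):
    """Parse the data as children of a stream root, as a receiving parser
    would, and return (from, body) for each top-level <message>."""
    root = ET.fromstring(f"<stream>{wire_data}</stream>")
    return [(m.get("from"), m.findtext("body"))
            for m in root.findall("message")]


if __name__ == "__main__":
    for build in (build_stanza_unsafe, build_stanza_safe):
        wire = build(SENDER, RECIPIENT, CRAFTED)
        print(build.__name__, stanzas_seen_by_parser(wire))
```

With the unsafe builder the receiver sees two stanzas, the second carrying a `from` value the sender chose; with the safe builder it sees one stanza whose body is the crafted text as literal characters.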


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Zoom Client for Windows: 4.0.35295.0605 - 5.5.4 13142.0301

Zoom Client for Linux: 5.1.418436.0628 - 5.9.6 2225

Zoom Client for macOS: 4.6.9 19273.0402 - 5.9.6 4993

Zoom Client for Android: 4.6.11 20553.0413 - 5.9.6 4756

Zoom Client for iOS: 4.6.10 20012.0407 - 5.9.6 2729

External links

http://explore.zoom.us/en/trust/security/security-bulletin/#ZSB-22006


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


