#VU63591 Improper validation of certificate with host mismatch in Zoom Video Communications, Inc. products - CVE-2022-22787
Published: May 24, 2022
Vulnerability identifier: #VU63591
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-22787
CWE-ID: CWE-297
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Zoom Workplace Desktop App for Windows
Zoom Workplace Desktop App for macOS
Zoom Workplace Desktop App for Linux
Zoom Workplace App for Android
Zoom Workplace App for iOS
Software vendor:
Zoom Video Communications, Inc.
Description
The vulnerability allows a remote attacker to perform a MitM attack.
The vulnerability exists because the software fails to properly validate the hostname during a server switch request. A remote attacker can perform a man-in-the-middle (MitM) attack.
Remediation
Install updates from the vendor's website.