Improper validation of certificate with host mismatch in Zoom Video Communications, Inc. products - CVE-2022-22787

 

Improper validation of certificate with host mismatch in Zoom Video Communications, Inc. products - CVE-2022-22787

Published: May 24, 2022


Vulnerability identifier: #VU63591
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-22787
CWE-ID: CWE-297
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Zoom Video Communications, Inc.
Affected software:
Zoom Workplace Desktop App for Windows
Zoom Workplace Desktop App for macOS
Zoom Workplace Desktop App for Linux
Zoom Workplace App for Android
Zoom Workplace App for iOS

Detailed vulnerability description

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to software fails to properly validate the hostname during a server switch request. A remote attacker can perform a man-in-the-middle (MitM) attack.


How to mitigate CVE-2022-22787

Install updates from vendor's website.

Sources