Improper access control in Zoom Meeting Connector - CVE-2022-28754

 

Improper access control in Zoom Meeting Connector - CVE-2022-28754

Published: August 18, 2022


Vulnerability identifier: #VU66603
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-28754
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Zoom Video Communications, Inc.
Affected software:
Zoom Meeting Connector

Detailed vulnerability description

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote user can bypass implemented security restrictions and join the meeting they are authorized to join without appearing to the other participants, can admit themselves into the meeting from the waiting room, and can become host and cause other meeting disruptions.


How to mitigate CVE-2022-28754

Install updates from vendor's website.

Sources