#VU66603 Improper access control in Zoom Meeting Connector - CVE-2022-28754

 


Published: August 18, 2022


Vulnerability identifier: #VU66603
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-28754
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Zoom Meeting Connector
Software vendor: Zoom Video Communications, Inc.

Description

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote user can bypass implemented security restrictions to join a meeting they are authorized to join without appearing to the other participants, admit themselves into the meeting from the waiting room, become host, and cause other meeting disruptions.


Remediation

Install updates from the vendor's website.

External links