Man-in-the-Middle (MitM) attack in Zoom Video Communications, Inc. Server applications

#VU73695 Man-in-the-Middle (MitM) attack in Zoom Video Communications, Inc. Server applications

Published: 2023-03-15

Vulnerability identifier: #VU73695

Vulnerability risk: Medium

CVSSv3.1: 6.9 [CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-22885

CWE-ID: CWE-300

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Zoom Client for Windows
Client/Desktop applications / Office applications
Zoom Client for macOS
Client/Desktop applications / Office applications
Zoom Client for Linux
Client/Desktop applications / Office applications
Zoom Rooms for Windows
Client/Desktop applications / Office applications
Zoom Client for Android
Mobile applications / Apps for mobile phones
Zoom Client for iOS
Mobile applications / Apps for mobile phones
Zoom Rooms for macOS
Client/Desktop applications / Messaging software
Virtual Desktop Infrastructure (VDI)
Server applications / Conferencing, Collaboration and VoIP solutions

Vendor: Zoom Video Communications, Inc.

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to the way the Zoom client handles SMB shares. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom’s web portal, an attacker positioned on an adjacent network to the victim client could set up a malicious SMB server to respond to client requests, causing the client to execute attacker controlled executables.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Zoom Client for Windows: 5.0.0 23168.0427 - 5.13.4 11835

Zoom Client for Android: 5.0.1 23478.0429 - 5.13.4 11364

Zoom Client for macOS: 5.0.0 23186.0427 - 5.13.4 14461

Zoom Client for Linux: 5.1.418436.0628 - 5.13.4 711

Zoom Client for iOS: 5.0.0 23161.0427 - 5.13.4 6295

Zoom Rooms for Windows: 5.0.0 1420.0426 - 5.13.0 2301

Zoom Rooms for macOS: 5.0.0 2236.0426 - 5.13.0 2196

Virtual Desktop Infrastructure (VDI): 5.0.1 - 5.13.1

External links
http://explore.zoom.us/en/trust/security/security-bulletin/#ZSB-23005

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Zoom clients