CVSS Base Score: 7.5

CVE-2022-22787

Insufficient hostname validation during Clusterswitch message in Zoom Client for Meetings

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 fails to properly validate the hostname during a server switch request. This issue could be used in a more sophisticated attack to trick an unsuspecting user's client into connecting to a malicious server when attempting to use Zoom services.
Data provided by the National Vulnerability Database (NVD)
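The description above says only that the client did not properly validate the hostname it was told to switch to. The following is an added illustration, not Zoom's code: the wire format of the cluster-switch message and the set of trusted domains are not given on this page, so the message is treated as a plain string and TRUSTED_SUFFIXES is a placeholder. It contrasts a substring check, which a crafted name like "trusted.example@attacker" or "example.com.attacker.test" slips past, with a parse-then-allowlist check that returns the canonical hostname the client should then also match against the server's TLS certificate (the CWE-295 half of the problem).

```python
"""Hostname allowlisting for a server-switch (cluster switch) message.

Added illustration, not Zoom's code. The message format and the trusted
domain list are assumptions; TRUSTED_SUFFIXES is a placeholder.
"""
import ipaddress
import re
from typing import Iterable, Optional
from urllib.parse import urlsplit

# Assumption: a client may only follow a switch to hosts under these
# operator-controlled suffixes. Placeholder value for illustration.
TRUSTED_SUFFIXES = ("example.com",)

# One DNS label: 1-63 chars of a-z, 0-9, '-', not starting or ending with '-'.
_LABEL = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")


def naive_allows(candidate: str, suffixes: Iterable[str] = TRUSTED_SUFFIXES) -> bool:
    """Weak check: a substring test on the raw string, with no parsing.
    Anything containing a trusted name anywhere passes."""
    return any(s in candidate for s in suffixes)


def validate_switch_host(candidate: str,
                         suffixes: Iterable[str] = TRUSTED_SUFFIXES) -> Optional[str]:
    """Return the canonical hostname the client may switch to, or None.

    Accepts only a syntactically valid ASCII DNS name sitting under a
    trusted suffix at a label boundary. The returned value is what the
    client must later compare against the server certificate's names.
    """
    raw = candidate.strip()
    if not raw:
        return None
    # Parse as an authority even when the message carries a bare host, so
    # userinfo ("trusted@attacker"), ports and paths cannot smuggle a name.
    if "://" not in raw:
        raw = "//" + raw
    try:
        host = urlsplit(raw).hostname  # lowercased, IPv6 brackets stripped
    except ValueError:
        return None
    if not host:
        return None
    host = host.rstrip(".")
    # IP literals bypass DNS-name policy entirely; never accept them here.
    try:
        ipaddress.ip_address(host)
        return None
    except ValueError:
        pass
    # ASCII only: IDN/homoglyph look-alikes are rejected, not normalised.
    if not host.isascii() or len(host) > 253:
        return None
    if not all(_LABEL.match(label) for label in host.split(".")):
        return None
    # Label-boundary suffix match: "notexample.com" and
    # "example.com.attacker.test" both fail here.
    for suffix in suffixes:
        suffix = suffix.lower().rstrip(".")
        if host == suffix or host.endswith("." + suffix):
            return host
    return None


if __name__ == "__main__":
    # Constructed probes, not real Zoom endpoints.
    for probe in ("us01web.example.com",
                  "https://us01web.example.com:443/cluster",
                  "example.com.attacker.test",
                  "example.com@attacker.test",
                  "notexample.com",
                  "203.0.113.5"):
        print(f"{probe!r:45} naive={naive_allows(probe)!s:5} "
              f"strict={validate_switch_host(probe)}")
```

The strict check deliberately returns the parsed hostname rather than a boolean: the caller should connect to that exact value and verify the certificate against it, so that the name that was allowlisted and the name that was verified cannot drift apart.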
Affected configurations
Product         Platform     Version
Zoom Meetings   android      < 5.10.0
Zoom Meetings   iphone_os    < 5.10.0
Zoom Meetings   linux        < 5.10.0
Zoom Meetings   macos        < 5.10.0
Zoom Meetings   windows      < 5.10.0
No advisory notice was found for this CVE.
EPSS Metrics
Type   Source      Score   Percentile
EPSS   FIRST.org   3.8%    0.886
CVSS Metrics
Source             Version   Base Score   Exploitability Score   Impact Score   Vector String
nvd@nist.gov       3.1       7.5          1.6                    5.9            CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov       2.0       6.0          6.8                    6.4            AV:N/AC:M/Au:S/C:P/I:P/A:P
security@zoom.us   3.1       5.9          1.6                    4.2            CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L
CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

https://explore.zoom.us/en/trust/security/security-bulletin
Vendor Advisory
http://packetstormsecurity.com/files/167238/Zoom-XMPP-Stanza-Smuggling-Remote-Code-Execution.html
Third Party Advisory
VDB Entry