CVE-2022-22788

EPSS 1.02%
Published 15.06.2022 21:15:09
Last modified 21.11.2024 06:47:27
Source security@zoom.us
Teams watchlist Login
Open Login

The Zoom Opener installer is downloaded by a user from the Launch meeting page, when attempting to join a meeting without having the Zoom Meeting Client installed. The Zoom Opener installer for Zoom Client for Meetings before version 5.10.3 and Zoom Rooms for Conference Room for Windows before version 5.10.3 are susceptible to a DLL injection attack. This vulnerability could be used to run arbitrary code on the victims host.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Zoom ≫ Meetings SwPlatformwindows Version < 5.10.3

Zoom ≫ Rooms SwPlatformwindows Version < 5.10.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.02%	0.764

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.9	3.4	10	AV:L/AC:M/Au:N/C:C/I:C/A:C
security@zoom.us	7.1	1.2	5.9	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE-427 Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

https://explore.zoom.us/en/trust/security/security-bulletin/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-22788

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-22788

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-22788

EUVD